Apache Solr Relative Path Traversal Vulnerability in Configset Upload API on Windows

A relative path traversal vulnerability has been identified in Apache Solr versions 6.6 through 9.7.0, specifically in instances running on Windows. This vulnerability allows arbitrary write access to the filesystem due to inadequate input sanitation in the 'configset upload' API. Maliciously crafted ZIP files can exploit this flaw, using relative paths to write data to unexpected locations on the filesystem. This issue is commonly referred to as a 'zipslip' vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized writing of files to arbitrary locations on the Windows filesystem, potentially overwriting critical system files or application data.

Remediation

Users are advised to upgrade to Apache Solr version 9.8.0, which addresses this vulnerability. For those unable to upgrade, access to the 'configset upload' API can be restricted using Solr's 'Rule-Based Authentication Plugin', allowing only a trusted set of administrators or users to access the API.