Apache Solr Insufficient Input Validation in Core Creation API Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in the 'create core' API of Apache Solr versions 8.6 through 9.10.0. Insufficient input validation on certain parameters of that API allows Solr to read file-system paths that the 'allowPaths' security setting should have blocked. An attacker who can call the API can therefore create cores backed by unintended configsets, pulling in any files the Solr process can reach on the file system. On Windows hosts that permit UNC paths, the same flaw can be used to make the Solr process authenticate to an attacker-controlled share and leak NTLM 'user' hashes.

Impact

Exploitation results in file access outside the configured 'allowPaths' restrictions, letting users create Solr cores with configurations the operator did not intend to expose. In affected Windows environments it can additionally leak NTLM 'user' hashes.

Remediation

Upgrade to Apache Solr 9.10.1 or later, which fixes the input validation. Independently of the upgrade, the 'create core' API should not be reachable by untrusted users: enable Solr's RuleBasedAuthorizationPlugin and configure a permission list that restricts core creation to trusted roles. Note that Solr allows any request that matches no permission rule, so a missing rule for core administration is itself an exposure.
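The following script is an added example, not part of the original advisory or of Apache Solr's own code. It audits a security.json for the remediation described above: it checks that the RuleBasedAuthorizationPlugin is enabled and that a permission covering CoreAdmin write actions ('core-admin-edit', or the catch-all 'all') is bound to a role, since Solr permits requests that match no rule. The two embedded security.json documents are constructed samples; the credential value is a placeholder, not a real BasicAuth hash. The matching logic is simplified to "first rule with a matching name wins" and ignores Solr's collection, path and method matching.

```python
import json

# Solr's predefined permission names that cover CoreAdmin write actions,
# including core creation ("all" matches every request).
CORE_CREATE_PERMISSIONS = ("core-admin-edit", "all")

# Constructed sample security.json: authentication is on, but the only
# permission rule is for security-edit, so core creation matches no rule
# and Solr allows it for any authenticated user.
WEAK_SECURITY_JSON = """{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {"solradmin": "<sha256-hash> <salt>"}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "security-edit", "role": "admin"}
    ],
    "user-role": {"solradmin": "admin"}
  }
}"""

# Constructed hardened sample: same file plus a core-admin-edit rule
# restricted to the 'admin' role.
HARDENED_SECURITY_JSON = """{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {"solradmin": "<sha256-hash> <salt>"}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "security-edit", "role": "admin"},
      {"name": "core-admin-edit", "role": "admin"}
    ],
    "user-role": {"solradmin": "admin"}
  }
}"""


def _roles(perm):
    """Normalise a permission's 'role' (string, list, or null) to a list.
    In Solr a null role means the permission applies to everyone."""
    role = perm.get("role")
    if role is None:
        return []
    return role if isinstance(role, list) else [role]


def core_create_findings(security_json):
    """Return a list of findings; an empty list means core creation is
    restricted to a named role."""
    cfg = json.loads(security_json)
    findings = []

    authn = cfg.get("authentication") or {}
    if not authn.get("class"):
        findings.append("authentication: no plugin configured, every request is anonymous")
    elif authn.get("blockUnknown") is not True:
        findings.append("authentication: blockUnknown is not true, unauthenticated "
                        "requests still reach the authorization layer")

    authz = cfg.get("authorization") or {}
    if authz.get("class") != "solr.RuleBasedAuthorizationPlugin":
        findings.append("authorization: RuleBasedAuthorizationPlugin is not enabled")
        return findings

    # Permissions are evaluated in order; the first rule whose name covers
    # core creation decides the outcome.
    for perm in authz.get("permissions", []):
        if perm.get("name") in CORE_CREATE_PERMISSIONS:
            roles = [r for r in _roles(perm) if r]
            if not roles:
                findings.append(f"authorization: permission '{perm['name']}' has no role, "
                                "so it grants core creation to everyone")
            return findings

    findings.append("authorization: no 'core-admin-edit' (or 'all') permission; Solr allows "
                    "requests that match no rule, so any authenticated user can create cores")
    return findings


def core_creation_restricted(security_json):
    return core_create_findings(security_json) == []


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SECURITY_JSON), ("hardened", HARDENED_SECURITY_JSON)):
        print(label, core_create_findings(doc) or "ok")
```

Run it against a live deployment by reading security.json from ZooKeeper (SolrCloud) or from the Solr home directory (standalone) and passing the contents to core_create_findings. Any non-empty result means the 'create core' API remains reachable by users who should not have it, regardless of the allowPaths setting.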

Added: Jan 21, 2026, 2:28 PM
Updated: Jan 21, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 1.5
exploitability: 4.9
remediation: 7.9
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.