Intranda Goobi viewer
cpe:2.3:a:intranda:goobi_viewer_core:*:*:*:*:*:*:*
- >= 4.8.0, < 26.04.1
A critical vulnerability exists in the Goobi Viewer REST endpoint POST /api/v1/index/stream, in versions 4.8.0 prior to 26.04.1. This endpoint accepted arbitrary Solr streaming expressions from unauthenticated network clients and forwarded them to the backend Solr server without any restrictions. As a result, an attacker could read the entire Solr index and, in default Solr deployments, also modify or delete indexed records. The vulnerability has been addressed by removing the endpoint altogether.
Exploitation of this vulnerability allowed unrestricted read access to the Solr index, including documents protected by access conditions. Additionally, it enabled unauthorized modification or deletion of indexed data.
The vulnerability can be reproduced by sending a POST request to the /api/v1/index/stream endpoint with a Solr streaming expression. This can be done using a tool like curl or Postman, without any authentication.
Users are advised to update to Goobi Viewer version 26.04.1 or later. If an immediate update is not possible, the endpoint can be blocked by denying all requests to /api/v1/index/stream, either at a reverse proxy in front of the application or in the Tomcat configuration.
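Because the endpoint required no authentication, an operator who ran an affected version will want to know whether it was ever reached and whether the block they put in place is effective. The following script is an added example, not code from the Goobi viewer project: it scans web server access logs in the common combined format (nginx/Apache default) for requests to the stream endpoint and summarizes them per source address. The optional leading context path (e.g. /viewer) and the sample log lines are constructed assumptions; the endpoint path itself is the one named in the advisory.

```python
import re
from collections import Counter

# Combined log format: client, ident, user, [time], "METHOD PATH PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The removed endpoint. The optional leading path segment is an assumption:
# Goobi viewer is often deployed under a servlet context such as /viewer.
STREAM_PATH_RE = re.compile(r'^(?:/[^/?]+)?/api/v1/index/stream(?:[?/]|$)')


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_stream_requests(lines):
    """Keep only parsed records whose request path targets /api/v1/index/stream."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and STREAM_PATH_RE.match(rec["path"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Per source IP: total requests, how many were served (2xx), and methods used.

    A 2xx on this endpoint means the request reached the application, i.e. the
    block was not in place or the vulnerable version was still running.
    """
    summary = {}
    for h in hits:
        s = summary.setdefault(h["ip"], {"requests": 0, "served": 0, "methods": Counter()})
        s["requests"] += 1
        if 200 <= h["status"] < 300:
            s["served"] += 1
        s["methods"][h["method"]] += 1
    return summary


# Constructed sample log lines (documentation-range IPs, invented timestamps).
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [10/May/2026:08:12:01 +0000] "POST /viewer/api/v1/index/stream HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/May/2026:08:12:05 +0000] "POST /viewer/api/v1/index/stream HTTP/1.1" 200 1024 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/May/2026:09:00:44 +0000] "GET /viewer/api/v1/index/stream HTTP/1.1" 403 153 "-" "python-requests/2.31"',
    '192.0.2.10 - - [10/May/2026:09:01:00 +0000] "GET /viewer/api/v1/records/PPN123/manifest HTTP/1.1" 200 5310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2026:09:02:13 +0000] "POST /api/v1/index/stream?x=1 HTTP/1.1" 404 0 "-" "curl/8.5.0"',
]


if __name__ == "__main__":
    hits = find_stream_requests(SAMPLE_LOG_LINES)
    for ip, s in summarize(hits).items():
        print(f"{ip}: {s['requests']} request(s), {s['served']} served, methods={dict(s['methods'])}")
```

Run it against a real log with `find_stream_requests(open(path))`. Any source with a non-zero "served" count reached the unrestricted endpoint; for those time windows the Solr index should be checked for unexpected modifications or deletions, as the advisory notes default Solr deployments permit both. After applying the reverse proxy or Tomcat block, the same scan should show only 403/404 responses for the path.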