CVE-2026-22444 (CNNVD-202601-3431)

HIGH
中文标题:
Apache Solr 安全漏洞
英文标题:
Apache Solr: Insufficient file-access checking in standalone core-creation requests
CVSS分数: 7.1
发布时间: 2026-01-21 13:40:24
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr 8.6版本至9.10.0版本存在安全漏洞,该漏洞源于创建核心API对某些参数输入验证不足,可能导致用户使用意外配置集创建核心,或在Windows系统上泄露NTLM用户哈希。

英文描述:

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element .  These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem.  On Windows systems configured to allow UNC paths this can additionally cause disclosure of NTLM "user" hashes.  Solr deployments are subject to this vulnerability if they meet the following criteria: * Solr is running in its "standalone" mode. * Solr's "allowPath" setting is being used to restrict file access to certain directories. * Solr's "create core" API is exposed and accessible to untrusted users.  This can happen if Solr's RuleBasedAuthorizationPlugin https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html is disabled, or if it is enabled but the "core-admin-edit" predefined permission (or an equivalent custom permission) is given to low-trust (i.e. non-admin) user roles. Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list that prevents untrusted users from creating new Solr cores.  Users should also upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this issue.

CWE类型:
CWE-20
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Apache Software Foundation Apache Solr - ≤ 9.10.0 - cpe:2.3:a:apache_software_foundation:apache_solr:*:*:*:*:*:*:*:*
apache solr * - - cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 vendor-advisory
cve.org
访问
af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov
访问
CVSS评分详情
3.1 (adp)
HIGH
7.1
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
机密性
HIGH
完整性
LOW
可用性
NONE
时间信息
发布时间:
2026-01-21 13:40:24
修改时间:
2026-01-21 15:39:04
创建时间:
2026-01-22 06:00:08
更新时间:
2026-01-28 06:00:19
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2026-22444 2026-01-22 03:19:50 2026-01-21 22:00:08
NVD nvd_CVE-2026-22444 2026-01-22 02:00:05 2026-01-21 22:00:14
CNNVD cnnvd_CNNVD-202601-3431 2026-01-26 02:10:03 2026-01-25 18:11:56
版本与语言
当前版本: v4
主要语言: EN
支持语言:
ZH EN
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-28 06:00:19
affected_products_count: 1 → 2
查看详细变更
  • affected_products_count: 1 -> 2
v3 CNNVD
2026-01-26 02:11:56
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202601-3431; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-202601-3431
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-22 06:00:14
references_count: 1 → 2; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • references_count: 1 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']