CVE-2023-50386: CWE-434 Unrestricted Upload of File with Dangerous Type in Apache Software Foundation Apache Solr
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added:
- Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
- The Backup API restricts saving backups to directories that are used in the ClassLoader.
AI Analysis
Technical Summary
CVE-2023-50386 is a high-severity vulnerability affecting Apache Solr versions 6.0.0 through 8.11.2 and 9.0.0 before 9.4.1. The root cause is improper control of dynamically-managed code resources (CWE-913) combined with unrestricted upload of files with dangerous types (CWE-434): the ConfigSets API accepted Java JAR and class files as configSet content. When a Solr Collection is backed up with the default LocalFileSystemRepository, those configSet files are written to disk, and if the backup directory is one that Solr's ClassPath or ClassLoaders read from, the uploaded JAR and class files become loadable by Solr, giving code execution within the Solr process. The issue is exploitable over the network (Attack Vector: Network) and needs no user interaction, but it does require privileges equivalent to Backup permissions (Privileges Required: Low). With authorization enabled, as recommended, exposure is limited to accounts that already hold Backup permissions; the risk remains significant because it escalates that permission into arbitrary code execution. Confidentiality, integrity, and availability are all affected, since arbitrary code execution can lead to data breaches, data manipulation, or service disruption. The Apache Software Foundation fixed the issue in versions 8.11.3 and 9.4.1 by rejecting uploads of ClassLoader-executable files via the ConfigSets API and restricting backup locations to directories not used by the ClassLoader. No exploits are currently reported in the wild, but the high CVSS score of 8.8 indicates a critical risk if the vulnerability is exploited, so organizations running affected versions should prioritize upgrading to the fixed versions.
Potential Impact
For European organizations, the impact of CVE-2023-50386 can be severe, especially for those relying on Apache Solr for search and indexing services in critical applications such as e-commerce, government portals, financial services, and large-scale data analytics. Exploitation could lead to unauthorized code execution, enabling attackers to compromise sensitive data, manipulate search results, disrupt service availability, or pivot to other internal systems. Given Solr's role in indexing and search, an attacker could also inject malicious content or alter search behavior, undermining trust and operational integrity. The vulnerability's requirement for Backup permissions means insider threats or compromised accounts with elevated privileges pose a significant risk. Additionally, the ability to execute arbitrary code could facilitate ransomware deployment or persistent backdoors, impacting business continuity and regulatory compliance under GDPR and other European data protection laws. The absence of known exploits currently provides a window for proactive mitigation, but the high severity and ease of exploitation over the network necessitate urgent action.
Mitigation Recommendations
1. Immediate upgrade to Apache Solr versions 8.11.3 or 9.4.1, which contain fixes that prevent uploading executable files via the ConfigSets API and restrict backup directories to safe locations.
2. Audit and restrict Backup permissions rigorously, ensuring only trusted administrators have this capability.
3. Implement strict access controls and monitoring on the ConfigSets API usage to detect and block unauthorized file uploads.
4. Review and harden Solr's ClassPath and ClassLoader configurations to prevent loading code from untrusted directories.
5. Employ network segmentation and firewall rules to limit access to Solr management interfaces, reducing exposure to potential attackers.
6. Enable comprehensive logging and alerting for backup operations and file uploads to detect suspicious activity promptly.
7. Conduct regular security assessments and penetration testing focused on Solr deployments to identify and remediate configuration weaknesses.
8. Consider deploying runtime application self-protection (RASP) or endpoint detection tools that can detect anomalous code execution within Solr processes.
9. Educate administrators on the risks associated with Backup permissions and the importance of following the principle of least privilege.
These measures go beyond generic advice by focusing on the specific attack vectors and operational contexts of this vulnerability.
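The two protections the fixed versions add (no ClassLoader-executable files in a configSet, no backups into ClassLoader directories) can also be checked on the defender's side before a configSet is uploaded or a backup location is approved. The following audit script is an added example, not Solr's own code: the forbidden suffix list, the sample configSet archive and the class-path directory list are all assumptions constructed here.

```python
"""Audit helpers for CVE-2023-50386 (added example, not Solr's own code).

Mirrors the two protections of the fixed versions: reject configSet members a
Java ClassLoader could execute, and reject backup paths inside class-loader
directories. Sample archive and directory list are constructed for the demo.
"""
import io
import zipfile
from pathlib import Path

# Suffixes treated as ClassLoader-executable; this list is the example's
# assumption, not the exact rule implemented in Solr 8.11.3 / 9.4.1.
FORBIDDEN_SUFFIXES = (".jar", ".class")


def dangerous_configset_entries(zip_bytes: bytes) -> list[str]:
    """Return archive members that a Java ClassLoader could execute."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [name for name in zf.namelist()
                if name.lower().endswith(FORBIDDEN_SUFFIXES)]


def backup_dir_in_classpath(backup_dir: str, classpath_dirs: list[str]) -> bool:
    """True when backup_dir equals or sits beneath any class-loader directory."""
    target = Path(backup_dir).resolve()
    for cp in classpath_dirs:
        cp_path = Path(cp).resolve()
        if target == cp_path or cp_path in target.parents:
            return True
    return False


def build_sample_configset() -> bytes:
    """Constructed configSet archive: normal config files plus a stray jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solrconfig.xml", "<config/>")
        zf.writestr("managed-schema", "<schema/>")
        zf.writestr("lib/custom-plugin.jar", b"PK\x03\x04")  # dummy bytes
    return buf.getvalue()


if __name__ == "__main__":
    print(dangerous_configset_entries(build_sample_configset()))
    # Hypothetical class-loader directories; take the real list from the
    # <lib> directives in solrconfig.xml and the sharedLib setting in solr.xml.
    cp_dirs = ["/var/solr/data/lib", "/opt/solr/server/lib"]
    print(backup_dir_in_classpath("/var/solr/data/lib/backups", cp_dirs))
    print(backup_dir_in_classpath("/var/solr/backups", cp_dirs))
```

Run the entry check against existing configSets (downloaded via the ConfigSets API or read from ZooKeeper) and the path check against the `location` used in backup requests; any hit on an unpatched version is worth treating as an incident indicator.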
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: apache
- Date Reserved: 2023-12-07T17:14:22.179Z
- Cisa Enriched: true
Threat ID: 682d983fc4522896dcbf0d83
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 6/22/2025, 2:50:26 AM
Last updated: 7/31/2025, 7:20:05 PM