Access Control: Apache Solr \<=8.8.1 - Local File Inclusion¶

Identifier: apache_solr_file_read

Scanner(s) Support¶

Description¶

Apache Solr versions prior to and including 8.8.1 are vulnerable to local file inclusion.

Reference:

• https://twitter.com/Al1ex4/status/1382981479727128580
• https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
• https://twitter.com/sec715/status/1373472323538362371

Configuration¶

Example¶

Example configuration:

---
security_tests:
  apache_solr_file_read:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.