{"id":"CVE-2020-13941","details":"Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.","aliases":["BIT-solr-2020-13941","GHSA-2467-h365-j7hm"],"modified":"2026-04-10T04:22:27.097758Z","published":"2020-08-17T13:15:12.037Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be%40%3Ccommits.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/lucene-solr","events":[{"introduced":"0"},{"fixed":"a9c5fb0da2dfc8c7375622c80dbf1a0cc26f44dc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"8.6.0"}]}}],"versions":["grafts/lucene-oldest","grafts/lucene-solr-copy","grafts/lucene-solr-oldest-merged","history/branches/lucene-solr/lucene-6997"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13941.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}