Strobes Advisory
Vulnerability disclosures from our security research team
A chain of path traversal via replication and XXE via XSLT allows authenticated users to read sensitive Solr configuration files, including security.json and the password hashes it holds.
Reported to Vendor
This vulnerability has been reported to the vendor. Full details will be published after a CVE is allocated and the vendor has had time to release a fix.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.