Summary: Apache Solr has been identified as having two critical security vulnerabilities, CVE-2024-45216 and CVE-2024-45217, which could lead to authentication bypass and unauthorized code execution. Organizations using affected Solr instances are at risk of data breaches and system compromises if these vulnerabilities are not addressed promptly.
Threat Actor: Unknown | unknown
Victim: Organizations using Apache Solr | Organizations using Apache Solr
Key Point :
- Critical vulnerability CVE-2024-45216 allows attackers to bypass authentication via manipulated API URLs.
- Moderate vulnerability CVE-2024-45217 enables insecure initialization of ConfigSets during backup restores, risking remote code execution.
- Users are advised to upgrade to Apache Solr 9.7.0 or 8.11.4 and implement authentication and authorization measures.
Apache Solr, a highly reliable and scalable search platform powering the search functionalities of some of the world’s largest internet sites, has been the target of two newly disclosed security vulnerabilities, CVE-2024-45216 and CVE-2024-45217. These vulnerabilities present serious risks for organizations running affected Solr instances, potentially exposing them to authentication bypasses and unauthorized code execution.
The critical vulnerability, tracked as CVE-2024-45216, affects Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used.
“A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path,” the advisory explains. “This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.”
This flaw could allow attackers to execute commands and access data without proper credentials, potentially leading to data breaches and system compromise.
A second vulnerability, CVE-2024-45217, rated as “Moderate,” involves the insecure initialization of ConfigSets during a backup restore command. This could allow attackers to create “trusted” ConfigSets that can load custom code, potentially leading to remote code execution.
“New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the ‘trusted’ metadata,” the advisory states.
Mitigation
Users are urged to upgrade to Apache Solr 9.7.0 or 8.11.4 to address these vulnerabilities. The advisory also recommends enabling authentication and authorization for all Solr instances.
“Users are primarily recommended to use Authentication and Authorization when running Solr,” the project emphasizes.