Platform: java
Component: org.apache.solr:solr
Fixed in: 8.11.4, 9.7.0
CVE-2024-45216 describes an authentication bypass vulnerability affecting Apache Solr instances utilizing the PKIAuthenticationPlugin. This plugin is enabled by default when Solr Authentication is active. An attacker can bypass authentication by appending a fake ending to any Solr API URL path, allowing them to access resources without proper authorization. This vulnerability impacts versions 5.3.0 before 8.11.4 and 9.0.0 before 9.7.0, and a fix is available.
The impact of CVE-2024-45216 is severe. Successful exploitation allows an attacker to bypass authentication and access sensitive data or perform unauthorized actions within the Solr environment. This could include reading or modifying data, executing arbitrary commands (depending on Solr configuration and permissions), and potentially gaining control of the entire system. The vulnerability's ease of exploitation, combined with the widespread use of Solr, makes it a high-priority risk. The fake ending technique is relatively simple to implement, requiring only the ability to craft HTTP requests. This bypass effectively renders authentication mechanisms useless, exposing the underlying Solr infrastructure to significant risk.
CVE-2024-45216 was publicly disclosed on 2024-10-16. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the critical severity of the vulnerability suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is likely to emerge quickly, further increasing the risk. The vulnerability's impact is similar to other authentication bypass flaws, where a simple modification to a request can circumvent security controls.
Exploit Status
EPSS: 94.08% (100% percentile)
CVSS Vector
The primary mitigation for CVE-2024-45216 is to upgrade to a patched version of Apache Solr. Upgrade to version 9.7.0 or 8.11.4 as soon as possible. If an immediate upgrade is not feasible, consider implementing temporary workarounds. While a direct WAF rule to block requests with unusual URL endings is possible, it may lead to false positives and disrupt legitimate traffic. Carefully review Solr authentication configurations and restrict access to sensitive APIs. Monitor Solr logs for suspicious activity, specifically looking for requests with unexpected URL paths. After upgrading, confirm the fix by attempting to access protected Solr APIs with a modified URL path containing a fake ending; authentication should be enforced.
Upgrade Apache Solr to version 9.7.0 or 8.11.4, where the vulnerability has been fixed. This will prevent the possibility of bypassing authentication through URL manipulation.
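To find builds that still need this upgrade, the sketch below checks the `org.apache.solr` dependencies in a `pom.xml` against the affected ranges stated in this advisory (5.3.0 before 8.11.4, 9.0.0 before 9.7.0). It is an added example, not code from the Apache Solr project or this advisory; the function names and the sample POM are constructed for illustration, and version qualifiers such as `-SNAPSHOT` are ignored.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges from this advisory: [5.3.0, 8.11.4) and [9.0.0, 9.7.0).
AFFECTED = [((5, 3, 0), (8, 11, 4)), ((9, 0, 0), (9, 7, 0))]
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a literal version."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """True/False for a literal version, None when it needs manual review."""
    v = parse_version(version)
    return None if v is None else any(lo <= v < hi for lo, hi in AFFECTED)

def scan_pom(pom_xml):
    """List (artifactId, resolved version, affected?) for org.apache.solr deps."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iter("{%s}dependency" % NS["m"]):
        if dep.findtext("m:groupId", "", NS).strip() != "org.apache.solr":
            continue
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        raw = dep.findtext("m:version", "", NS).strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # version given as ${property}
        version = props.get(ref.group(1), raw) if ref else raw
        findings.append((artifact, version, is_affected(version)))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><solr.version>9.6.1</solr.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-core</artifactId><version>${solr.version}</version></dependency>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-solrj</artifactId><version>8.11.4</version></dependency>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-test-framework</artifactId></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for artifact, version, affected in scan_pom(SAMPLE_POM):
        print(artifact, version or "(inherited)", affected)
```

A result of `None` means the version is inherited or unresolved in this file and has to be checked against the parent POM or the deployed Solr instance.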
CVE-2024-45216 is a critical vulnerability in Apache Solr allowing attackers to bypass authentication by adding a fake ending to API URLs, potentially gaining unauthorized access to data and functionality.
You are affected if you are running Apache Solr versions 5.3.0 before 8.11.4 or 9.0.0 before 9.7.0 and using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used.
Upgrade to Apache Solr version 9.7.0 or 8.11.4 to resolve the vulnerability. Consider temporary workarounds if an immediate upgrade is not possible.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Apache Solr security advisory for detailed information and updates: https://security.apache.org/security/announce/CVE-2024-45216.html