Platform
java
Component
org.apache.solr:solr
Fixed in
8.11.4
9.7.0
CVE-2024-45216 describes an authentication bypass vulnerability affecting Apache Solr instances utilizing the PKIAuthenticationPlugin. This plugin is enabled by default when Solr Authentication is active. An attacker can bypass authentication by appending a fake ending to any Solr API URL path, allowing them to access resources without proper authorization. This vulnerability impacts versions 5.3.0 before 8.11.4 and 9.0.0 before 9.7.0, and a fix is available.
The impact of CVE-2024-45216 is severe. Successful exploitation allows an attacker to bypass authentication and access sensitive data or perform unauthorized actions within the Solr environment. This could include reading or modifying data, executing arbitrary commands (depending on Solr configuration and permissions), and potentially gaining control of the entire system. The vulnerability's ease of exploitation, combined with the widespread use of Solr, makes it a high-priority risk. The fake ending technique is relatively simple to implement, requiring only the ability to craft HTTP requests. This bypass effectively renders authentication mechanisms useless, exposing the underlying Solr infrastructure to significant risk.
CVE-2024-45216 was publicly disclosed on 2024-10-16. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the critical severity of the vulnerability suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is likely to emerge quickly, further increasing the risk. The vulnerability's impact is similar to other authentication bypass flaws, where a simple modification to a request can circumvent security controls.
Organizations heavily reliant on Apache Solr for search functionality, particularly those using the default PKIAuthenticationPlugin configuration, are at significant risk. Shared hosting environments where multiple users share a Solr instance are also particularly vulnerable, as an attacker compromising one user's account could potentially exploit this vulnerability to gain access to other users’ data. Legacy Solr deployments running older, unpatched versions are especially susceptible.
• linux / server:
journalctl -u solr | grep -i "authentication bypass"
• generic web:
curl -I 'http://solr_server/solr/core_name/query?q=*:*&fake_ending' | grep 'WWW-Authenticate'
• linux / server:
ps aux | grep -i pkiauthenticationplugin
disclosure
patch
Exploit Status
EPSS
94.08% (100th percentile)
CVSS vector
The primary mitigation for CVE-2024-45216 is to upgrade to a patched version of Apache Solr. Upgrade to version 9.7.0 or 8.11.4 as soon as possible. If an immediate upgrade is not feasible, consider implementing temporary workarounds. While a direct WAF rule to block requests with unusual URL endings is possible, it may lead to false positives and disrupt legitimate traffic. Carefully review Solr authentication configurations and restrict access to sensitive APIs. Monitor Solr logs for suspicious activity, specifically looking for requests with unexpected URL paths. After upgrading, confirm the fix by attempting to access protected Solr APIs with a modified URL path containing a fake ending; authentication should be enforced.
Upgrade Apache Solr to version 9.7.0 or 8.11.4, where the vulnerability has been fixed. This removes the possibility of bypassing authentication by manipulating the URL.
CVE-2024-45216 is a critical vulnerability in Apache Solr allowing attackers to bypass authentication by adding a fake ending to API URLs, potentially gaining unauthorized access to data and functionality.
You are affected if you are running Apache Solr versions 5.3.0 before 8.11.4 or 9.0.0 before 9.7.0 and using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used.
Upgrade to Apache Solr version 9.7.0 or 8.11.4 to resolve the vulnerability. Consider temporary workarounds if an immediate upgrade is not possible.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Apache Solr security advisory for detailed information and updates: https://security.apache.org/security/announce/CVE-2024-45216.html
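To check a Maven build against the affected ranges stated above (5.3.0 before 8.11.4, 9.0.0 before 9.7.0), the following added example, which is not code from the Solr project or from this advisory, scans a pom.xml for org.apache.solr dependencies and classifies each declared version. The function names and the sample pom are constructed for illustration; a match shows only which version is declared, not whether PKIAuthenticationPlugin is active on a running instance.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as stated on this page, as [low, high) version tuples.
AFFECTED = [((5, 3, 0), (8, 11, 4)), ((9, 0, 0), (9, 7, 0))]

def parse_version(text):
    """Turn '8.11.2' or '9.6.1-SNAPSHOT' into a comparable 3-tuple, else None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None

def is_affected(version):
    v = parse_version(version)
    return v is not None and any(lo <= v < hi for lo, hi in AFFECTED)

def solr_dependencies(pom_xml):
    """Yield (artifactId, version) per org.apache.solr dependency, resolving
    ${property} placeholders that are defined in this pom only."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven XML namespace, if present
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    for dep in root.iter("dependency"):
        if (dep.findtext("groupId") or "").strip() != "org.apache.solr":
            continue
        raw = (dep.findtext("version") or "").strip()
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        yield (dep.findtext("artifactId") or "").strip(), resolved

def audit(pom_xml):
    """Return {artifactId: 'affected' | 'not affected' | 'unknown'}."""
    result = {}
    for artifact, version in solr_dependencies(pom_xml):
        known = parse_version(version) is not None  # False: managed in a parent pom or BOM
        status = "affected" if is_affected(version) else "not affected"
        result[artifact] = status if known else "unknown"
    return result

# Constructed sample pom.xml, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><solr.version>8.11.2</solr.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-core</artifactId><version>${solr.version}</version></dependency>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-solrj</artifactId><version>9.7.0</version></dependency>
    <dependency><groupId>org.apache.solr</groupId><artifactId>solr-test-framework</artifactId></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    print(audit(SAMPLE_POM))
```

Entries reported as "unknown" have no version resolvable from the file itself and need to be checked against the effective pom.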