Apache Solr - CVE-2024-45216
Introduction
The Sensitive Information Disclosure vulnerability in Apache Solr occurs when sensitive data, such as system configuration, environment details, or other confidential information, is unintentionally exposed due to improper access control. Apache Solr, a search platform built on Apache Lucene, can be misconfigured to allow unauthorized users to access its administrative APIs or endpoints, revealing critical data.
CVE-2024-45216 is an Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip authentication while maintaining the API contract with the original URL path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr from 5.3.0 before 8.11.4, and from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0 or 8.11.4, which fix the issue.
Common Causes
Improper API Security: Leaving the Solr admin interface open without authentication or authorization.
Exposed Config Files: Sensitive configuration files like "solr.xml" or "schema.xml" can be accessible, leaking database connections, credentials, or other sensitive configurations.
Debug Information: Debug or verbose error messages may reveal internal workings or sensitive data paths.
Mitigations
Mitigations include securing Solr with proper authentication (like basic auth or a firewall), restricting access to trusted IPs, and disabling unnecessary logging or verbose error messages.
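The affected version ranges and the "admin interface open without authentication" cause described above can be checked across an inventory of nodes. The following is an added example, not code from the Solr project or from this advisory; the hostnames, versions and security.json contents are constructed, and the function names are hypothetical.

```python
import json
import re

# Affected ranges as stated in the advisory text: [first affected, first fixed).
AFFECTED = [((5, 3, 0), (8, 11, 4)), ((9, 0, 0), (9, 7, 0))]


def parse_version(text):
    """Turn '8.11.2' or '9.6.1-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_in(version):
    """Return the fixed release for an affected version, or None if outside both ranges."""
    v = parse_version(version)
    for first, fix in AFFECTED:
        if first <= v < fix:
            return ".".join(map(str, fix))
    return None


def triage(version, security_json):
    """Classify one node from its version and the text of its security.json (None if absent)."""
    auth = None
    if security_json:
        # Solr declares its authentication plugin under "authentication" -> "class".
        auth = (json.loads(security_json).get("authentication") or {}).get("class")
    if auth is None:
        return "OPEN: no authentication configured"
    fix = fixed_in(version)
    if fix:
        return f"VULNERABLE: {auth} can be bypassed, upgrade to {fix}"
    return f"OK: {auth} configured, version outside affected ranges"


# Constructed inventory for illustration (hostnames and configs are made up).
INVENTORY = [
    ("solr-a.example", "8.11.2", '{"authentication": {"class": "solr.BasicAuthPlugin"}}'),
    ("solr-b.example", "9.7.0", '{"authentication": {"class": "solr.BasicAuthPlugin"}}'),
    ("solr-c.example", "9.4.1", None),
]

if __name__ == "__main__":
    for host, version, sec in INVENTORY:
        print(f"{host:16} {version:8} {triage(version, sec)}")
```

A node reported as OPEN has no authentication to bypass and needs access control first; a node reported as VULNERABLE has authentication configured but runs a release inside one of the affected ranges.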
Metrics
ADP : CISA-ADP
Base Score : 9.8 CRITICAL
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H