Apache Solr, has been affected by two security vulnerabilities that could present serious risks for organizations running affected Solr instances, potentially exposing them to authentication bypasses and unauthorized code execution.
The critical vulnerability, tracked as CVE-2024-45216 with a CVSS score of 9.8, affects Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used.
A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This could allow attackers to execute commands and access data without proper credentials, potentially leading to data breaches and system compromise.
A second vulnerability tracked as CVE-2024-45217 with a CVSS score of 8.1, involves the insecure initialization of ConfigSets during a backup restore command.
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the ‘trusted’ metadata. This could allow attackers to create “trusted” ConfigSets that can load custom code, potentially leading to remote code execution.
Users are urged to upgrade to Apache Solr 9.7.0 or 8.11.4 to address these vulnerabilities. The advisory also recommends enabling authentication and authorization for all Solr instances.
