CVE-2024-45217

Apache Solr: ConfigSets created during a backup restore command are trusted implicitly

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Insecure Default Initialization of Resource vulnerability in Apache Solr.

New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.

This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.

Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

Vulnerabilidad de inicialización predeterminada insegura de recursos en Apache Solr. Los nuevos ConfigSets que se crean mediante un comando de restauración, que copian un configSet de la copia de seguridad y le dan un nuevo nombre, se crean sin configurar los metadatos "confiables". Los ConfigSets que no contienen el indicador se confían implícitamente si faltan los metadatos, por lo tanto, esto genera ConfigSets "confiables" que pueden no haberse creado con una solicitud autenticada. Los ConfigSets "confiables" pueden cargar código personalizado en los cargadores de clases, por lo tanto, se supone que el indicador solo se establece cuando la solicitud que carga el ConfigSet está autenticada y autorizada. Este problema afecta a Apache Solr: desde 6.6.0 hasta 8.11.4, desde 9.0.0 hasta 9.7.0. Este problema no afecta a las instancias de Solr que están protegidas mediante autenticación/autorización. Se recomienda principalmente a los usuarios que utilicen autenticación y autorización al ejecutar Solr. Sin embargo, actualizar a la versión 9.7.0 o 8.11.4 mitigará este problema.

*Credits: Liu Huajin

CVSS Scores

CISAv3.1 8.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-08-23 CVE Reserved
2024-10-16 CVE Published
2024-10-16 CVE Updated
2024-10-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1188: Initialization of a Resource with an Insecure Default

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly	2024-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Solr Search vendor "Apache Software Foundation" for product "Apache Solr"				>= 6.6.0 < 8.11.4 Search vendor "Apache Software Foundation" for product "Apache Solr" and version " >= 6.6.0 < 8.11.4"		en		Affected
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Solr Search vendor "Apache Software Foundation" for product "Apache Solr"				>= 9.0.0 < 9.7.0 Search vendor "Apache Software Foundation" for product "Apache Solr" and version " >= 9.0.0 < 9.7.0"		en		Affected