Overview
- Description: Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets created via a Restore command, which copies a ConfigSet from the backup and gives it a new name, are created without the "trusted" metadata being set. Because ConfigSets whose metadata lacks the flag are implicitly trusted, this produces "trusted" ConfigSets that may not have been created by an authenticated request. "Trusted" ConfigSets are able to load custom code into classloaders, so the flag is meant to be set only when the request that uploads the ConfigSet is authenticated and authorized. This issue affects Apache Solr from 6.6.0 before 8.11.4 and from 9.0.0 before 9.7.0. It does not affect Solr instances that are secured via authentication/authorization. Users are primarily recommended to use authentication and authorization when running Solr; otherwise, upgrading to version 9.7.0 or 8.11.4 mitigates this issue.
- Source: security@apache.org
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity: HIGH
Weaknesses
- CWE-1188 (source: security@apache.org)
Social media
- Hype score: Not currently trending
CVE-2024-45217 (CVSS:8.1, HIGH) is Awaiting Analysis. Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore..https://t.co/MvuMmwxVKu #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot, 21 Oct 2024: 2 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
CVE-2024-45217 Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the back… https://t.co/9kXBzdYW0m
@CVEnew: 406 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
Warning: Critical Improper Authentication (#CVE-2024-45216 / CVSS: 9.8) and Insecure Default Initialization of Resource (CVE-2024-45217 / CVSS: 8.1) vulnerability in @ApacheSolr. Vulnerabilities can lead to auth bypass & unauthorized code execution! #Patch https://t.co/lOBeRf
@CCBalert: 252 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
Critical Authentication Bypass Vulnerability Patched in #Apache Solr Protect your organization from the risks of CVE-2024-45216 & CVE-2024-45217, two critical vulnerabilities in #ApacheSolr https://t.co/F3AwnNRA0i
@the_yellow_fall: 543 impressions, 5 retweets, 12 likes, 1 bookmark, 0 replies, 0 quotes
Apache Solr fixes Critical Vulnerability CVE-2024-45216 #ApacheSolr #CVE-2024-45216 #CVE-2024-45217 https://t.co/C0Yd9VvJJB
@pravin_karthik: 30 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes