- Description
- Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input sanitization in the "configset upload" API. In an attack commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security@apache.org
- CWE-23
- Hype score
- Not currently trending
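Apache Solr vulnerabilities CVE-2024-52012/24814 FIXED: Patch immediately! https://t.co/Nefzesc0GB Two vulnerabilities in Apache Solr have been fixed. Patched versions have already been released, and mitigations also appear to be available. Teams using Solr should check. #Apache #API #CVE202452012… https://t.co/g5jU7VktfX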
@iototsecnews
5 Feb 2025
Threat Alert: Apache Solr Vulnerabilities CVE-2024-52012 and CVE-2025-24814 Expose Systems to CVE-2025-24814 CVE-2024-52012 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/lZbohqjzl2 #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
28 Jan 2025
Apache Solr Vulnerabilities CVE-2024-52012 and CVE-2025-24814 Expose Systems to File Write and Code Execution Risks https://t.co/7o0N7idjhR
@Dinosn
27 Jan 2025
CVE-2024-52012 Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-san… https://t.co/NO6Fl0gsrM
@CVEnew
27 Jan 2025
CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files https://t.co/gpIKdVQC7t CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access https://t.co/OygBilIUyF
@oss_security
26 Jan 2025
CVE-2024-52012 CVE-2024-52012 https://t.co/eRYTQbWrcc
@VulmonFeeds
26 Jan 2025