SB2024101504 - Multiple vulnerabilities in Apache Solr

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2024-45216)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the PKIAuthenticationPlugin when handling URLs. A remote attacker can bypass authentication process using a fake URL ending at the end of any Solr API URL path and gain unauthorized access to the application.

2) Insufficient verification of data authenticity (CVE-ID: CVE-2024-45217)

The vulnerability allows a remote attacker to compromise the affected instance.

The vulnerability exists due to ConfigSets created during a backup restore command are trusted implicitly. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.

Remediation

Install update from vendor's website.

References

• https://lists.apache.org/thread/tscn3mp24h1otb8t7hx7mr4fqxto9hw3
• https://issues.apache.org/jira/browse/SOLR-17417
• https://issues.apache.org/jira/browse/SOLR-17418