Create Apache Solr Permission Bypass Vulnerability(CVE-2024-45216).md

Goby 2024-10-31 19:12:31 +08:00 committed by GitHub
parent dbc102cc76
commit b27d068d93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -0,0 +1,14 @@
**Updated document date: October 31, 2024**
## Apache Solr /solr/admin/info/properties:/admin/info/key Permission Bypass Vulnerability(CVE-2024-45216)
| **Vulnerability** | Apache Solr /solr/admin/info/properties:/admin/info/key Permission Bypass Vulnerability(CVE-2024-45216)|
| :----: | :-----|
| **Chinese name** | Apache Solr /solr/admin/info/properties:/admin/info/key Permission Bypass Vulnerability(CVE-2024-45216) |
| **CVSS core** | 7.30 |
| **FOFA Query** (click to view the results directly)| [app="APACHE-Solr"]
| **Number of assets affected** | 82,722 |
| **Description** |Apache Solr is an open-source search server developed in Java language, mainly based on HTTP and Apache Lucene implementation. |
| **Impact** | The technical details and PoC of the vulnerability have been made public. There is an authentication bypass vulnerability when Apache Solr instances use the PKIAInformationPlugin (which may be enabled when Solr is started in SolrCloud mode and configured to use authentication). Attackers can bypass Solr's authentication mechanism by adding/admin/info/key at the end of the Solr API path, potentially accessing sensitive data or performing unauthorized operations.
| **Affected versions** |5.3.0 <= Apache Solr < 8.11.49.0.0 <= Apache Solr < 9.7.0
![](https://s3.bmp.ovh/imgs/2024/10/31/1451033749ff8068.gif)
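Review bot: In the Affected versions row the two ranges are run together as `< 8.11.49.0.0 <=`, which reads as a version 8.11.49; split them into `5.3.0 <= Apache Solr < 8.11.4` and `9.0.0 <= Apache Solr < 9.7.0`. In the Impact row, `PKIAInformationPlugin` should be `PKIAuthenticationPlugin`, and `adding/admin/info/key` needs a space after "adding". `CVSS core` looks like a typo for `CVSS score`. The FOFA Query row has the link text `[app="APACHE-Solr"]` with no URL even though the label says to click through, and that row, the Impact row and the Affected versions row all lack the closing `|`, so the table may not render consistently. The table also ends at the affected versions with no remediation row; since the ranges imply the fixed releases are 8.11.4 and 9.7.0, consider adding a row that tells readers to upgrade to one of those. Finally, the demo GIF has empty alt text and lives on an external image host; alt text and a copy kept in the repository would keep the entry useful if that link expires.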