October 17, 2024
Dipsy Kapoor
|
Two new Solr vulnerabilities have been recently identified. We want to share the information available and the recommended mitigation measures as part of our commitment to improving the security for our customer’s Solr deployments and services.
These vulnerabilities were originally reported on October 14, 2024 and are being tracked as CVE-2024-45217 with a CVSS score of 8.1 (High) and CVE-2024-45216 with a CVSS score of 9.8 (Critical).
Description of Solr Vulnerability
Insecure Default Initialization of Resource vulnerability in Apache Solr.
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the “trusted” metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to “trusted” ConfigSets that may not have been created with an Authenticated request. “trusted” ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.
Affected Deployments
Deployments using Solr 6.6.0 through 8.11.3 or Solr 9.0.0 through 9.6.0.
Recommended Mitigations
It is recommended to take one of the following actions if your deployments are using an affected Solr version:
Description of Solr Vulnerability
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path
Affected Deployments
Deployments on Solr 5.3.0 through 8.11.3 or Solr 9.0.0 through 9.6.0 using the PKI Authentication Plugin. This plugin is used by SearchStax for Basic Authentication. Inter-node communication might be handled by PKI Authentication Plugin as explained here, however since individual nodes are not accessible with SearchStax, SearchStax deployments are not vulnerable.
Recommended Mitigations
SearchStax deployments are unaffected due to the inaccessibility of individual nodes via authentication. If you’d like to further increase security in general, you are encouraged to take either of the following actions:
The Stack is delivered bi-monthly with industry trends, insights, products and more
Copyrights © SearchStax Inc.2014-2024. All Rights Reserved.
SearchStax Site Search solution is engineered to give marketers the agility they need to optimize site search outcomes. Get full visibility into search analytics and make real-time changes with one click.
close
SearchStax Managed Search service automates, manages and scales hosted Solr infrastructure in public or private clouds. Free up developers for value-added tasks and reduce costs with fewer incidents.
close
close