9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-45216

GHSA ID

GHSA-mjvf-4h88-6xm3

EPSS Score

0.99866%

CWE

CWE-287

Published

10/16/2024

Updated

10/16/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-45216

CVE-2024-45216: Improper Authentication vulnerability in Apache Solr

Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.

This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.

Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-45216

GHSA ID

GHSA-mjvf-4h88-6xm3

EPSS Score

0.99866%

CWE

CWE-287

Published

10/16/2024

Updated

10/16/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.solr:solr	maven	>= 5.3.0, < 8.11.4	8.11.4
org.apache.solr:solr	maven	>= 9.0.0, < 9.7.0	9.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from path processing sequence where:

Authentication checks occur on the original URL (including fake endings)
Path gets normalized/stripped after authentication
Routing uses the modified path

This creates a mismatch between the authenticated path and executed path. The PKIAuthenticationPlugin.authenticate method would appear in runtime profiles during exploitation as it's the entry point for authentication decisions using the vulnerable path handling. The JIRA ticket SOLR-17417 and reproduction steps confirm the authentication bypass occurs through path manipulation handled by this plugin.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Solr inst*n**s usin* t** PKI*ut**nti**tionPlu*in, w*i** is *n**l** *y ****ult w**n Solr *ut**nti**tion is us**, *r* vuln*r**l* to *ut**nti**tion *yp*ss. * **k* *n*in* *t t** *n* o* *ny Solr *PI URL p*t*, will *llow r*qu*sts to skip *ut**nti**tion w*i

Reasoning

T** vuln*r**ility st*ms *rom p*t* pro**ssin* s*qu*n** w**r*: *. *ut**nti**tion ****ks o**ur on t** ori*in*l URL (in*lu*in* **k* *n*in*s) *. P*t* **ts norm*liz**/stripp** **t*r *ut**nti**tion *. Routin* us*s t** mo*i*i** p*t* T*is *r**t*s * mism*t**

9.8

Basic Information

Concerned about an active attack path?

CVE-2024-45216: Improper Authentication vulnerability in Apache Solr

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI