Warning: Improper Authentication and Insecure Default Initialization Of Resource In Apache Solr, Patch Immediately!

Published: 17/10/2024

Reference:
Advisory #2024-243

Version:
1.0

Affected software:
Apache Solr versions prior to 9.7.0 and 8.11.4

Type:
Authentication Bypass and Insecure Initialization of Resource

CVE/CVSS:
CVE-2024-45216: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-45217: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Sources

Apache: https://solr.apache.org/security.html - cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending 
Apache: https://solr.apache.org/security.html - cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly

Risks

Apache Solr instances using the PKIAuthenticationPlugin are vulnerable to authentication bypass through a critical Improper Authentication vulnerability (CVE-2024-45216).

A high Insecure Default Initialization of Resource vulnerability (CVE-2024-45217) in Apache Solr could allow custom code to be loaded into class loaders.

Description

CVE-2024-45216 is a critical security issue (CVSS 9.8 according to CISA-ADP) discovered in Apache Solr. Manipulating the Solr API URL path (using a fake path ending) allows requests to skip authentication while the request is still handled under the API contract of the original URL path.

CVE-2024-45217 is a high security issue (CVSS 8.1 according to CISA-ADP) in Apache Solr. New ConfigSets created via a restore command do not receive the "trusted" metadata setting. Such ConfigSets are treated as trusted implicitly, and a trusted ConfigSet could be used to load custom code.

Both vulnerabilities have a high impact on confidentiality and integrity. The former (CVE-2024-45216) also has a high impact on availability.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
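To help decide whether an installation is on a fixed release, the following added example (not part of this advisory or of the Apache Solr project) compares a Solr version string against the two fixed releases named above, 8.11.4 for the 8.x line and 9.7.0 for the 9.x line. The `/solr/admin/info/system` endpoint and the `lucene.solr-spec-version` field it returns are assumptions about Solr's system-info handler; the sample JSON is constructed.

```python
import json
import re
import urllib.request

# Fixed releases named in the advisory: 8.11.4 (8.x line) and 9.7.0 (9.x line).
FIXED_8 = (8, 11, 4)
FIXED_9 = (9, 7, 0)


def parse_version(text):
    """Turn a Solr version string such as '9.6.1' or '8.11.3-SNAPSHOT' into a tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True when the version is below the fix on its release line."""
    v = parse_version(version)
    if v[0] == 9:
        return v < FIXED_9
    if v[0] >= 10:
        return False
    return v < FIXED_8  # 8.x, and anything older than the 8.x line


def assess(version):
    """Summarise the result for one version string."""
    affected = is_affected(version)
    return {"version": version, "affected": affected,
            "cves": ["CVE-2024-45216", "CVE-2024-45217"] if affected else []}


def solr_version_from_system_info(system_info_json):
    """Extract the version from the system-info JSON body (assumed field layout)."""
    data = json.loads(system_info_json)
    return data["lucene"]["solr-spec-version"]


def check_instance(base_url, timeout=5):
    """Query your own instance; the caller must already be authorised (assumed endpoint)."""
    with urllib.request.urlopen(f"{base_url}/solr/admin/info/system?wt=json", timeout=timeout) as r:
        return assess(solr_version_from_system_info(r.read().decode()))


# Constructed sample body mimicking the assumed system-info layout.
SAMPLE_SYSTEM_INFO = json.dumps({"lucene": {"solr-spec-version": "9.6.1"}})

if __name__ == "__main__":
    for v in ["8.11.3", "8.11.4", "9.6.1", "9.7.0", "7.7.3"]:
        print(assess(v))
```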

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
