VDB
CVE-2024-45216
CVE-2024-45216
PUBLISHED
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
EPSS 94.08% · 99.9th percentile
Risk Scores
EPSS Score
94.08%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | solr | 9.0.0, 5.3.0 |
| Bitnami | solr | 5.3.0, 9.0.0 |
Exploit Intelligence
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- congdong007/CVE-2024-45216-Poc (github-poc)
- index.html (github-poc)
…and 55 more exploits
Timeline
- Oct 15, 2024 CVE Published
- Oct 16, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 5, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
- Jan 19, 2025 EPSS Score
- Jan 25, 2025 Coalition ESS Score
- Feb 7, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 16, 2025 EPSS Score