Apache Solr Security Update Advisory

Oct 22 2024

Overview

An update has been released to address vulnerabilities in Apache Solr. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-45216

Apache Solr versions: 5.3.0 (inclusive) ~ 8.11.4 (excluded)
Apache Solr versions: 9.0.0 (inclusive) ~ 9.7.0 (excluded)

CVE-2024-45217

Apache Solr versions: 6.6.0 (inclusive) ~ 8.11.4 (excluded)
Apache Solr versions: 9.0.0 (inclusive) ~ 9.7.0 (excluded)

Resolved Vulnerabilities

Vulnerability that allows authentication bypass in instances using PKIAuthenticationPlugin in Apache Solr (CVE-2024-45216)

Vulnerability in Apache Solr that could allow new ConfigSets created via backup to be considered “trusted” even with unauthenticated requests (CVE-2024-45217)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-45216, CVE-2024-45217

Apache Solr version: 8.11.4
Apache Solr version: 9.7.0

Referenced Sites

[1] CVE-2024-45216 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45216

[2] CVE-2024-45217 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45217

[3] Solr™ Security News¶

https://solr.apache.org/security.html

Apache Solr Security Update Advisory

Dell Product Security Update Advisory (CVE-2024-45766)

Protobuf Library Security Update Advisory (CVE-2024-7254)

Tags:

Dell Product Security Update Advisory (CVE-2024-45766)

Protobuf Library Security Update Advisory (CVE-2024-7254)