Cyber Resilience

CVE-2024-45216

Critical

Published: 16 October 2024
Modified: 01 July 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9408 (99.9th percentile)
Risk Priority: 76 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45216 is a critical-severity Improper Authentication (CWE-287) vulnerability in Apache Solr. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

Apache Solr contains an improper authentication vulnerability in the PKIAuthenticationPlugin, which is enabled by default whenever Solr authentication is configured. The flaw affects versions 5.3.0 through 8.11.3 and 9.0.0 through 9.6.1. An attacker can append a fabricated path segment to any Solr API URL that mimics an unauthenticated endpoint; the server accepts the request without credentials, strips the segment internally, and then routes the original protected path, bypassing authentication entirely.

Because the vulnerability is exploitable over the network without credentials or user interaction, a remote attacker can reach any API functionality that would normally require authentication, resulting in full compromise of the Solr instance including data access, modification, and deletion.

The Apache Solr security advisory recommends immediate upgrade to 8.11.4 or 9.7.0. The associated OpenWall disclosure reiterates the same fixed releases and notes that no workarounds are available.

The EPSS score has reached 0.94, indicating substantial exploitation interest following disclosure.

Vulnerability details

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apache solr: 5.3.0 up to (not including) 8.11.4 · 9.0.0 up to (not including) 9.7.0

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-287, CWE-863: Session content review can reveal authentication bypasses or failures in session establishment.

Addresses CWE-287, CWE-863: Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.

Addresses CWE-287, CWE-863: Identity providers centralize and enforce authentication mechanisms, reducing improper authentication.

Addresses CWE-863, CWE-287: Enforces correct authorization checks during the identifier assignment process.

Addresses CWE-287, CWE-863: Personnel screening, identity verification, and access-agreement requirements support reliable authentication and reduce authentication bypass opportunities.

Addresses CWE-287, CWE-863: Decoy authentication surfaces detect bypass attempts and deflect real credential attacks through observable malicious interactions.

Addresses CWE-863: Periodic review and update of procedures reduces incorrect authorization implementations over time.

Addresses CWE-863: Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.