Description

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.   This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.

INFO

Published Date :

2025-01-27T08:54:42.907Z

Last Modified :

2025-02-06T16:11:37.353Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52012 vulnerability.

Vendors Products
Apache
  • Solr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52012.

URL Resource
http://www.openwall.com/lists/oss-security/2025/01/26/2 cve-icon
https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact