CVE-2024-52012

Path Traversal
Affects Apache Solr <=9.0.0 <9.8.0 in Apache Solr & Lucene
Patch Available

This vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs.

Overview

Apache Solr is an open-source search platform built on Apache Lucene, designed for scalable, high-performance search and indexing. It supports full-text search, faceted search, real-time indexing, distributed searching, and high availability. Solr is widely used in applications requiring fast and efficient search capabilities, such as e-commerce, enterprise search, and log analytics. 

A Path Traversal vulnerability (CVE-2024-52012) has been identified in the FileSystemConfigSetService. This vulnerability allows attackers to write data to unanticipated parts of the filesystem.

Per the Open Web Application Security Project (OWASP): "A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder by manipulating variables that reference files with 'dot-dot-slash (../)' sequences or absolute file paths, potentially exposing sensitive data such as application source code, configuration files, or critical system files."

This issue affects versions from 9.0.0 up to 9.7.0.

Details

Module Info

  • Package manager: Maven
  • Fixed in: Solr 9.8.0

Vulnerability Info

Apache Solr instances running on Windows are vulnerable to arbitrary file write attacks due to insufficient input validation in the configset upload API. This vulnerability, commonly referred to as ZipSlip, arises when maliciously crafted ZIP archives containing relative file paths (../ sequences) are uploaded. Because Solr does not properly sanitize these paths, an attacker can manipulate the extracted file locations, potentially writing files outside the intended directory.

If exploited, this vulnerability can allow attackers to overwrite critical system files or drop malicious files in unintended locations, potentially leading to privilege escalation, remote code execution (RCE), or full system compromise. By modifying configuration files, deploying web shells, or tampering with authentication mechanisms, an attacker could gain unauthorized access and persist within the system. This issue is particularly dangerous on Windows, where default permissions may not strictly enforce directory access controls, making it easier for an attacker to manipulate files and escalate privileges.
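As a defensive illustration of the missing validation described above, the following added example (not code from Solr or from HeroDevs) audits the entry names of a configset ZIP before it is uploaded and flags any entry that would resolve outside the extraction directory under Windows path rules. The function names and the sample entry names are assumptions constructed for this example.

```python
import zipfile
from pathlib import PureWindowsPath


def escapes_root(entry_name: str) -> bool:
    """Return True if a ZIP entry name would land outside the extraction
    directory when interpreted with Windows path rules."""
    path = PureWindowsPath(entry_name)  # treats both "/" and "\" as separators
    if path.drive or path.root:         # C:\x, C:x, \x, /x, \\host\share\x
        return True
    depth = 0
    for part in path.parts:
        if part == "..":
            depth -= 1
            if depth < 0:               # climbed above the extraction root
                return True
        else:
            depth += 1
    return False


def audit_names(names):
    """Return the entry names that escape the extraction root, in order."""
    return [n for n in names if escapes_root(n)]


def audit_zip(archive):
    """Audit a configset ZIP (path or file object) without extracting it."""
    with zipfile.ZipFile(archive) as zf:
        return audit_names(zf.namelist())


# Constructed entry names for illustration (not taken from a real archive).
SAMPLE_NAMES = [
    "conf/solrconfig.xml",          # normal configset file
    "conf/lang/../stopwords.txt",   # ".." that stays inside the root
    "..\\..\\outside.txt",          # backslash traversal (Windows separator)
    "conf/../../outside.txt",       # climbs above the root after descending
    "C:\\Temp\\x.txt",              # drive-qualified absolute path
    "/abs.txt",                     # rooted path
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print("REJECT" if escapes_root(name) else "ok    ", name)
```

Running `audit_zip` on every archive in the pipeline that feeds the configset upload API gives a rejection point that does not depend on the server's extraction logic.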

Steps To Reproduce

  1. Set up a Solr instance on a Windows machine
    1. Run in standalone mode
    2. Ensure config API upload is enabled (default)
  2. Prepare a malicious ZIP file
    1. Details for this step will not be provided
  3. Upload the file to the configset upload API
    1. See Upload a Configset
  4. Validate that the file was uploaded

Credit

  • rry

Mitigation

Apache Solr versions below or equal to 8.11.4 are no longer community-supported. The community support version will not receive any updates to address this issue. For more information, see here.

Users of the affected components should apply one of the following mitigations:

  • Upgrade Apache Solr to >=9.8.0 or use Solr’s “Rule-Based Authentication Plugin” to restrict access to the configset upload API.
  • Leverage a commercial support partner like HeroDevs for post-EOL security support.

Vulnerability Details

  • ID: CVE-2024-52012
  • Project Affected: Apache Solr
  • Versions Affected: <=9.0.0 <9.8.0
  • Published date: March 21, 2025
  • ≈ Fix date: March 21, 2025
  • Severity: Medium
  • Category: Path Traversal