What is CVE-2024-45216?

CVE-2024-45216 is a vulnerability in Apache Software Foundation Solr, classified under Improper Authentication. Published 2024-10-16.

Is CVE-2024-45216 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Apache Software Foundation Solr

CVE-2024-45216

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any…

Vulnerability class: Broken Authentication

EPSS: 0.941 (99.9th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Solr — versions 5.3.0, 9.0.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

congdong007/CVE-2024-45216-Poc
20142995/nuclei-templates
DMW11525708/wiki
J1ezds/Vulnerability-Wiki-page
Lern0n/Lernon-POC
Linxloop/fork_
Threekiii/Awesome-POC
Threekiii/CVE
XiaomingX/awesome-poc-for-red-team
XiaomingX/nice-juejin-article

References

solr.apache.org/security.html (vendor-advisory)

Frequently asked questions

What is CVE-2024-45216?: CVE-2024-45216 is a vulnerability in Apache Software Foundation Solr, classified under Improper Authentication. Published 2024-10-16.
Is CVE-2024-45216 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.