CVE-2024-52012

CWE-237 documents6 sources
Severity
5.4MEDIUM
EPSS
13.5%
top 5.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache SolrApache Software Foundation Apache Solr
Timeline
PublishedJan 27
Latest updateJan 29

Description

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDapache/solr6.6.09.8.0
Mavenorg.apache.solr:solr-core6.69.8.0

🔴Vulnerability Details

3
CVEList
Apache Solr: Configset upload on Windows allows arbitrary path write-access2025-01-27
OSV
Apache Solr Relative Path Traversal vulnerability2025-01-27
GHSA
Apache Solr Relative Path Traversal vulnerability2025-01-27

🔍Detection Rules

2
Suricata
ET WEB_SPECIFIC_APPS Apache Solr ConfigSet APIv1 Upload Relative Path Traversal (CVE-2024-52012)2025-01-29
Suricata
ET WEB_SPECIFIC_APPS Apache Solr ConfigSet APIv2 Upload Relative Path Traversal (CVE-2024-52012)2025-01-29

📋Vendor Advisories

1
Debian
CVE-2024-52012: lucene-solr - Relative Path Traversal vulnerability in Apache Solr. Solr instances running on...2024
CVE-2024-52012 (MEDIUM CVSS 5.4) | Relative Path Traversal vulnerabili | cvebase.io