Relative Path Traversal Vulnerability in Apache Solr Affecting Windows Systems
CVE-2024-52012
What is CVE-2024-52012?
CVE-2024-52012 is a vulnerability present in Apache Solr, an open-source search platform widely used for enterprise search applications. This vulnerability arises from a relative path traversal issue within the "configset upload" API, primarily affecting installations on Windows systems. If exploited, attackers could leverage maliciously crafted ZIP files to write files outside the intended directories, leading to unauthorized access or modifications in the filesystem. Such a breach could severely impair an organization's data integrity and security posture, allowing for potential data leaks or system compromise.
Technical Details
The vulnerability stems from inadequate input sanitization within specific API functionalities of Apache Solr. The affected versions range from 6.6 to 9.7.0. Attackers can exploit this flaw by uploading ZIP files containing relative file paths that direct the write actions to unintended locations on the server. This behavior aligns with a known exploit mechanism termed "zipslip," which can facilitate unauthorized file manipulations. Therefore, organizations running vulnerable versions of Solr on Windows are urged to pay special attention to updating or applying mitigations.
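A check a defender can run on a configset ZIP before it reaches the upload API, as an added example (not Solr's code or its fix): it flags entry names that would resolve outside the extraction root when read with Windows path rules. The function names, the sample entries, and the choice to treat both `/` and `\` as separators are assumptions of this example.

```python
import io
import zipfile
from pathlib import PureWindowsPath


def escapes_root(entry_name):
    """True if entry_name, read with Windows path rules, leaves the extraction root."""
    path = PureWindowsPath(entry_name)  # splits on both '/' and '\\'
    # Drive-qualified, UNC or rooted names ignore the extraction root entirely.
    if path.drive or path.root:
        return True
    depth = 0
    for part in path.parts:
        depth += -1 if part == ".." else 1
        if depth < 0:  # climbed above the root at some point
            return True
    return False


def unsafe_entries(zip_bytes):
    """Return the entry names in a ZIP (given as bytes) that escape the root."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(i.filename)]


def build_sample_zip():
    """Constructed sample: two in-root entries and three that leave the root."""
    names = [
        "conf/solrconfig.xml",
        "conf/lang/../stopwords.txt",   # '..' that stays inside the root
        "../outside.txt",
        "conf\\..\\..\\outside.txt",    # backslash-separated traversal
        "C:\\outside.txt",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_entries(build_sample_zip()):
        print("rejected:", name)
```

Rejecting the whole archive when `unsafe_entries` returns anything is stricter than skipping individual entries and avoids partially applied uploads.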
Potential impact of CVE-2024-52012
- Unauthorized File Access: By exploiting this vulnerability, an attacker can gain write access to sensitive areas of a system, potentially leading to unauthorized data exposure or manipulation.
- Data Integrity Compromise: Malicious actors could replace or corrupt critical files within the system, adversely affecting application functionality and reliability.
- Escalation of Attacks: Once initial access is gained, attackers can implement further exploits, leading to more extensive compromises across the infrastructure, potentially affecting other systems and data repositories.
Affected Version(s)
Apache Solr 6.6 through 9.7.0