A safety alert issued for Apache Solr has acquired an replace from BSI. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 for the Apache Solr safety vulnerability recognized on January 14, 2024. The safety vulnerability impacts the Linux working system and the Red Hat Enterprise Linux and Apache Solr merchandise.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Red Hat Security Advisory RHSA-2024:3354 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.
Apache Solr Security Advisory – Risk: Medium
Risk degree: 2 (reasonable)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc programs. The CVSS customary makes it potential to check potential or precise safety dangers based mostly on numerous standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally take note of adjustments over time within the danger state of affairs. According to CVSS, the danger of the vulnerability talked about right here is rated as “reasonable” with 6.5 foundation factors.
Apache Solr Bug: Vulnerability Allows Information Disclosure
Apache Solr is an enterprise search engine server with a REST-like API.
A distant, licensed attacker might exploit a vulnerability in Apache Solr to reveal data.
Vulnerabilities had been categorised utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2023-50290.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Apache Solr
Common steps to deal with IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically comprises extra details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
- If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly examine the desired sources to see if a brand new safety replace is on the market.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24 (23.05.2024)
For extra data, see:
Seclist Counseling (14.01.2024)
For extra data, see:
Red Hat Bugzilla dated 2024-01-14 (14.01.2024)
For extra data, see:
Version historical past of this safety alert
This is model 2 of this Apache Solr IT safety discover. This doc might be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.
January 14, 2024 – First model
05/23/2024 – New updates from Red Hat have been added
+++ Editorial notice: This doc relies on present BSI information and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de