{"vulnerability": "CVE-2024-4521", "sightings": [{"uuid": "3ed62d9d-e364-472d-a839-bab9c52e6b90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20381", "content": "", "creation_timestamp": "2024-11-03T15:23:07.000000Z"}, {"uuid": "52dde70c-a440-4ede-8e9e-b77ecbf3f838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "Telegram/qrYZ-6kyMKMvPCVmWaTwRfTtfTtccanvxn4RG5xEEw5nHAE", "content": "", "creation_timestamp": "2024-11-03T06:05:40.000000Z"}, {"uuid": "68402889-0810-4703-916c-35568094d799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "https://t.me/haj3imad/20374", "content": "CVE-2024-45216                      fofa\n                                         app=\"APACHE-Solr\"", "creation_timestamp": "2024-11-03T07:03:07.000000Z"}, {"uuid": "612a03bb-fafc-41e9-8b94-e5ee3901f765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4lvabl5tu2b", "content": "", "creation_timestamp": "2025-11-01T21:02:25.064200Z"}, {"uuid": "6e5300fa-96a9-42c5-97d1-490c8f6eeffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "published-proof-of-concept", "source": "Telegram/e49p_7idYmm_3xtxEhRJ4cCyGbpgg2GR_c5lUkuiqBY4F0U", "content": "", "creation_timestamp": "2024-11-10T07:15:41.000000Z"}, {"uuid": "6ecf7a34-19f5-464c-bd9e-e818c37564a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3xrj4cjej2a", "content": "", "creation_timestamp": "2025-10-24T21:02:36.440725Z"}, {"uuid": "108ac0be-1669-440a-9305-a89884433199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3iophemto27", "content": "", "creation_timestamp": "2025-10-18T21:02:30.365429Z"}, {"uuid": "cdd18b5a-41e8-478e-bc8e-3c70a7642687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45217", "type": "seen", "source": "https://t.me/cvedetector/8031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45217 - Apache Solr Unauthenticated Trusted ConfigSet Initialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45217 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : Insecure Default Initialization of Resource vulnerability in Apache Solr.  \n  \nNew ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the \"trusted\" metadata.  \nConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to \"trusted\" ConfigSets that may not have been created with an Authenticated request.  \n\"trusted\" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.  \n  \nThis issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.  \n  \nUsers are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:44.000000Z"}, {"uuid": "8c572924-f699-4934-a703-6b0b43097932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45216", "type": "seen", "source": "https://t.me/cvedetector/8030", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45216 - Apache Solr PKIAuthenticationPlugin Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-45216 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : Improper Authentication vulnerability in Apache Solr.  \n  \nSolr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.  \nA fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.  \nThis fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.  \n  \n  \nThis issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.  \n  \nUsers are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:43.000000Z"}, {"uuid": "57ac7550-2e0f-4231-9f14-890ef2b3f622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45219", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/8032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45219 - \"Apache CloudStack KVM Template Upload/Attachment Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45219 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.  \n  \n  \nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.   \n  \nAdditionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.  \n  \n  \nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done  \nThe command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.  \n  \nFor checking the whole template/volume features of each disk, operators can run the following command:  \n  \n  \nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:45.000000Z"}, {"uuid": "571dfc20-b1d9-4874-94fe-1adfe1535f32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4521", "type": "seen", "source": "Telegram/UVZ-rbCRo_zarI6X83bx3ZB571XH1Lyg8zeyB81k4UfysW4g", "content": "", "creation_timestamp": "2025-02-19T19:13:56.000000Z"}]}