Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-50290

CWE-200 — Information Exposure8 documents7 sources

Severity

6.5MEDIUM

EPSS

92.9%

top 0.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Software Foundation Apache Solr Apache Solr

Timeline

PublishedJan 15

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system pro…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDapache/solr9.0.0 — 9.3.0

▶Mavenorg.apache.solr:solr-core9.0.0 — 9.3.0

▶CVEListV5apache_software_foundation/apache_solr9.0.0 — 9.3.0

🔴Vulnerability Details

OSV

CVE-2023-50290: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr↗2024-01-15

▶

GHSA

Apache Solr allows read access to host environmet variables↗2024-01-15

▶

OSV

Apache Solr allows read access to host environmet variables↗2024-01-15

▶

CVEList

Apache Solr: Host environment variables are published via the Metrics API↗2024-01-15

▶

💥Exploits & PoCs

Nuclei

Apache Solr - Host Environment Variables Leak via Metrics API

▶

📋Vendor Advisories

Red Hat

Solr: Host environment variables are published via the Metrics API↗2024-01-12

▶

Debian

CVE-2023-50290: lucene-solr - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apac...↗2023

▶