CVE-2023-50292

Severity
7.5 HIGH
EPSS
40.1%
top 2.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 9

Description

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD apache/solr 6.0.0 8.11.3 +1
Maven org.apache.solr:solr-core 9.0.0 9.3.0 +1
CVEListV5 apache_software_foundation/apache_solr 9.0.0 9.3.0 +1
Debian lucene-solr < 3.6.2+dfsg-23+3

Vulnerability Details (4)

OSV
CVE-2023-50292: Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr (2024-02-09)
GHSA
Apache Solr Schema Designer blindly "trusts" all configsets (2024-02-09)
OSV
Apache Solr Schema Designer blindly "trusts" all configsets (2024-02-09)
CVEList
Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users (2024-02-09)

Vendor Advisories (2)

Red Hat
Solr: Schema Designer trusts all configsets, possibly leading to RCE by unauthenticated users (2024-02-09)
Debian
CVE-2023-50292: lucene-solr - Incorrect Permission Assignment for Critical Resource, Improper Control of Dynam... (2023)