CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.8%
Insufficiently Protected Credentials vulnerability in Apache Solr.
This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.
One of the two endpoints that publishes the Solr processā Java system properties, /admin/info/properties, was only setup to hide system properties that had āpasswordā contained in the name.
There are a number of sensitive system properties, such as ābasicauthā and āaws.secretKeyā do not contain āpasswordā, thus their values were published via the ā/admin/info/propertiesā endpoint.
This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.
This /admin/info/properties endpoint is protected under the āconfig-readā permission.
Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the āconfig-readā permission.
Users are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.
A single option now controls hiding Java system property for all endpoints, ā-Dsolr.hiddenSysPropsā.
By default all known sensitive properties are hidden (including ā-Dbasicauthā), as well as any property with a name containing āsecretā or āpasswordā.
Users who cannot upgrade can also use the following Java system property to fix the issue:
Ā -Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*
www.openwall.com/lists/oss-security/2024/02/09/4
github.com/apache/solr
github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102
github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e
issues.apache.org/jira/browse/SOLR-16809
nvd.nist.gov/vuln/detail/CVE-2023-50291
solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.8%