7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%
Apache Solr is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing zkHost
validation within the Solr Streaming Expressions feature, allowing users to extract data from other Solr Clouds by specifying an external ZooKeeper host, which results in the leakage of ZooKeeper credentials and ACLs to unauthorized attackers.
www.openwall.com/lists/oss-security/2024/02/09/2
www.openwall.com/lists/oss-security/2024/02/09/3
github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
issues.apache.org/jira/browse/SOLR-17098
solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%