Veracode Vulnerability DatabaseVERACODE:45449Insufficiently Protected Credentials
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.8%
Apache Solr is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused due to system property redaction logic inconsistencies. This allows an attacker to access sensitive system properties, including credentials such as passwords or secret keys.
References
www.openwall.com/lists/oss-security/2024/02/09/4
github.com/advisories/GHSA-3hwc-rqwp-v36q
github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102
github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e
solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.8%