
CVE-2023-50291 – Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
https://notcve.org/view.php?id=CVE-2023-50291
09 Feb 2024 — Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info... • http://www.openwall.com/lists/oss-security/2024/02/09/4 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-50292 – Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
https://notcve.org/view.php?id=CVE-2023-50292
09 Feb 2024 — Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "... • http://www.openwall.com/lists/oss-security/2024/02/09/3 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-50298 – Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions
https://notcve.org/view.php?id=CVE-2023-50298
09 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials a... • http://www.openwall.com/lists/oss-security/2024/02/09/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-922: Insecure Storage of Sensitive Information •

CVE-2023-50386 – Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
https://notcve.org/view.php?id=CVE-2023-50386
09 Feb 2024 — Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepositor... • https://packetstorm.news/files/id/178255 • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2023-50290 – Apache Solr: Host environment variables are published via the Metrics API
https://notcve.org/view.php?id=CVE-2023-50290
15 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties whic... • https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •

CVE-2021-44548 – Apache Solr information disclosure vulnerability through DataImportHandler
https://notcve.org/view.php?id=CVE-2021-44548
23 Dec 2021 — An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in... • https://security.netapp.com/advisory/ntap-20220114-0005 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) •

CVE-2021-33813 – jdom: XXE allows attackers to cause a DoS via a crafted HTTP request
https://notcve.org/view.php?id=CVE-2021-33813
16 Jun 2021 — An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning proble... • https://alephsecurity.com/vulns/aleph-2021003 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2021-29943 – Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
https://notcve.org/view.php?id=CVE-2021-29943
13 Apr 2021 — When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. • https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E • CWE-863: Incorrect Authorization •

CVE-2021-29262 – Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
https://notcve.org/view.php?id=CVE-2021-29262
13 Apr 2021 — When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. • https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79%40%3Coak-issues.jackrabbit.apache.org%3E • CWE-522: Insufficiently Protected Credentials •