CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50291 – Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
https://notcve.org/view.php?id=CVE-2023-50291
09 Feb 2024 — Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info... • http://www.openwall.com/lists/oss-security/2024/02/09/4 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 22%CPEs: 2EXPL: 0CVE-2023-50292 – Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
https://notcve.org/view.php?id=CVE-2023-50292
09 Feb 2024 — Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "... • http://www.openwall.com/lists/oss-security/2024/02/09/3 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50298 – Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions
https://notcve.org/view.php?id=CVE-2023-50298
09 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials a... • http://www.openwall.com/lists/oss-security/2024/02/09/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 88%CPEs: 2EXPL: 2CVE-2023-50386 – Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
https://notcve.org/view.php?id=CVE-2023-50386
09 Feb 2024 — Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepositor... • https://packetstorm.news/files/id/178255 • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.8EPSS: 87%CPEs: 1EXPL: 0CVE-2023-50290 – Apache Solr: Host environment variables are published via the Metrics API
https://notcve.org/view.php?id=CVE-2023-50290
15 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties whic... • https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •