A vulnerability was found in Apache Solr Operator. When bootstrapping Solr security, a couple of initial user accounts are created by default, including a "k8s-oper" account. This account is used by the operator to send requests to Solr, such as health checks. When one of the probes used by these requests fails and authentication is being used, the Solr Operator ends up creating a Kubernetes event containing the username and password of the "k8s-oper" account.
This issue can be mitigated by disabling authentication on the health check probes by setting the following configuration option:
.solrOptions.security.probesRequireAuth=false
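
To check whether such events exist in a cluster, the following added example (not part of the original advisory or the Solr Operator project) scans Kubernetes Event JSON for messages that mention the "k8s-oper" account and reports only metadata, never the message. The sample events and the `find_exposed_events` helper are constructed for illustration, and the real message wording may differ; real input comes from `kubectl get events -A -o json`.

```python
import json

ACCOUNT = "k8s-oper"  # operator account named in the advisory

# Constructed sample in the shape of `kubectl get events -A -o json` output.
# The message text is invented for illustration (assumption).
SAMPLE_EVENTS = json.dumps({
    "items": [
        {
            "metadata": {"namespace": "search", "name": "solr-0.17a1"},
            "involvedObject": {"kind": "Pod", "name": "example-solrcloud-0"},
            "reason": "Unhealthy",
            "lastTimestamp": "2024-01-01T00:00:00Z",
            "message": "Readiness probe failed for k8s-oper:EXAMPLE-PASSWORD",
        },
        {
            "metadata": {"namespace": "search", "name": "solr-1.17a2"},
            "involvedObject": {"kind": "Pod", "name": "example-solrcloud-1"},
            "reason": "Pulled",
            "lastTimestamp": "2024-01-01T00:01:00Z",
            "message": "Container image already present on machine",
        },
    ]
})


def find_exposed_events(events_json, account=ACCOUNT):
    """Return metadata for events whose message mentions the account."""
    findings = []
    for ev in json.loads(events_json).get("items", []):
        if account in (ev.get("message") or ""):
            obj = ev.get("involvedObject", {})
            # Deliberately omit the message so the report does not
            # re-expose the credential it is looking for.
            findings.append({
                "namespace": ev.get("metadata", {}).get("namespace"),
                "event": ev.get("metadata", {}).get("name"),
                "object": f'{obj.get("kind")}/{obj.get("name")}',
                "reason": ev.get("reason"),
                "last_seen": ev.get("lastTimestamp"),
            })
    return findings


if __name__ == "__main__":
    for finding in find_exposed_events(SAMPLE_EVENTS):
        print(finding)
```

The API server retains events only for a limited time (one hour by default), so an empty result does not show that no such event was ever created.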