CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

RedHat Linux•added 2024/05/23 10:45 p.m.•3 views

Solr: Host environment variables are published via the Metrics API

A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...

6.5CVSS5.6AI score0.92953EPSS

Exploits0References4

OSV•added 2024/03/06 11:5 a.m.•20 views

BIT-SOLR-2023-50290 Apache Solr: Host environment variables are published via the Metrics API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

6.5CVSS6.6AI score0.92953EPSS

Exploits0References2

Veracode•added 2024/01/17 7:0 a.m.•28 views

Sensitive Information Exposure

org.apache.solr: solr-core is vulnerable to Sensitive Information Exposure. The vulnerability is caused due to publishing all unprotected environment variables available to each Apache Solr instance thorough Solr Metrics API. An attacker can access Sensitive Information by exploiting this...

6.5CVSS7AI score0.92953EPSS

Exploits0References4Affected Software1

OSV•added 2024/01/15 12:30 p.m.•26 views

GHSA-GG7W-PW2R-X2CQ Apache Solr allows read access to host environmet variables

6.5CVSS6.6AI score0.92953EPSS

Exploits0References5

Github Security Blog•added 2024/01/15 12:30 p.m.•37 views

Apache Solr allows read access to host environmet variables

6.5CVSS6.8AI score0.92953EPSS

Exploits0References5Affected Software1

NVD•added 2024/01/15 10:15 a.m.•27 views

CVE-2023-50290

6.5CVSS6.4AI score0.92953EPSS

Exploits0References1

OSV•added 2024/01/15 10:15 a.m.•1 views

CVE-2023-50290

6.5CVSS6.7AI score0.92953EPSS

Exploits0References1

Prion•added 2024/01/15 10:15 a.m.•21 views

Design/Logic Flaw

4CVSS7AI score0.92953EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/01/15 9:32 a.m.•22 views

CVE-2023-50290 Apache Solr: Host environment variables are published via the Metrics API

6.6AI score0.92953EPSS

Exploits0References1

Debian CVE•added 2024/01/15 9:32 a.m.•37 views

CVE-2023-50290

6.5CVSS6.4AI score0.92953EPSS

Exploits0

CVE•added 2024/01/15 9:32 a.m.•130 views

CVE-2023-50290

Apache Solr (versions 9.0.0–9.2.x) is vulnerable to CVE-2023-50290 via the Metrics API, which publishes all unprotected host environment variables. The root cause is that environment variables are not strictly definable in Solr and may be exposed even in Clouds with authorization, until fixed. Th...

6.5CVSS6.3AI score0.92953EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/01/15 9:32 a.m.•7 views

CVE-2023-50290 Apache Solr: Host environment variables are published via the Metrics API

6.7AI score0.92953EPSS

Exploits0References1

UbuntuCve•added 2024/01/15 12:0 a.m.•39 views

CVE-2023-50290

6.5CVSS6.5AI score0.92953EPSS

Exploits0References2

RedhatCVE•added 2024/01/12 9:31 p.m.•106 views

CVE-2023-50290

6.5CVSS6.2AI score0.92953EPSS

Exploits0References3

Positive Technologies•added 2024/01/12 12:0 a.m.•1 views

PT-2024-1138 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 9.0.0 through 9.3.0 Description: The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...

6.8CVSS6.3AI score0.92953EPSS

Exploits0References24

SUSE CVE•added 2023/02/15 4:1 a.m.•1 views

SUSE CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS8.6AI score0.65366EPSS

Exploits0References3

Veracode•added 2020/10/28 5:49 p.m.•29 views

Information Disclosure

puppet is vulnerable to information disclosure. The vulnerability exists due to leak sensitive information via metrics API which allows an attacker to access on localhost by default...

7.5CVSS7AI score0.65366EPSS

Exploits0References3Affected Software243

RedhatCVE•added 2020/04/27 8:9 p.m.•18 views

CVE-2020-7943

A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality...

7.5CVSS3.9AI score0.65366EPSS

Exploits0References4

Tenable Nessus•added 2020/03/24 12:0 a.m.•41 views

FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)

Puppetlabs reports : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...

7.5CVSS7.5AI score0.65366EPSS

Exploits0References3

OSV•added 2020/03/11 11:15 p.m.•14 views

CVE-2020-7943

7.5CVSS6.2AI score0.65366EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by