Lucene search
K

4 matches found

Veracode
Veracode
added 2024/01/17 7:0 a.m.31 views

Sensitive Information Exposure

org.apache.solr: solr-core is vulnerable to Sensitive Information Exposure. The vulnerability is caused due to publishing all unprotected environment variables available to each Apache Solr instance thorough Solr Metrics API. An attacker can access Sensitive Information by exploiting this...

6.5CVSS7AI score0.68665EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2024/01/15 10:15 a.m.26 views

Design/Logic Flaw

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

4CVSS7AI score0.68665EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/01/15 9:32 a.m.151 views

CVE-2023-50290

Apache Solr (versions 9.0.0–9.2.x) is vulnerable to CVE-2023-50290 via the Metrics API, which publishes all unprotected host environment variables. The root cause is that environment variables are not strictly definable in Solr and may be exposed even in Clouds with authorization, until fixed. Th...

6.5CVSS6.3AI score0.68665EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2024/01/12 9:31 p.m.113 views

CVE-2023-50290

A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...

6.5CVSS6.2AI score0.68665EPSS
Exploits0References3
Rows per page
Query Builder