Lucene search
Veracode Vulnerability DatabaseVERACODE:45436HistoryFeb 12, 2024 - 7:09 a.m.
Sensitive Information Disclosure
2024-02-1207:09:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
apache solr
sensitive information
disclosure
zookeeper
streaming expressions
Apache Solr is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing zkHost validation within the Solr Streaming Expressions feature, allowing users to extract data from other Solr Clouds by specifying an external ZooKeeper host, which results in the leakage of ZooKeeper credentials and ACLs to unauthorized attackers.
References
www.openwall.com/lists/oss-security/2024/02/09/2
www.openwall.com/lists/oss-security/2024/02/09/3
github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
issues.apache.org/jira/browse/SOLR-17098
solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
Related
prion
prion
Design/Logic Flaw
2024-02-09 18:15:00
redhatcve
redhatcve
CVE-2023-50298
2024-02-09 22:29:51
osv
osv
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
2024-02-09 18:31:07
CVE-2023-50298
2024-02-09 18:15:08
BIT-solr-2023-50298
2024-03-06 11:05:12
cvelist
cvelist
cve
cve
CVE-2023-50298
2024-02-09 18:15:08
debiancve
debiancve
CVE-2023-50298
2024-02-09 18:15:08
cgr
cgr
CVE-2023-50298 vulnerabilities
2024-05-19 03:07:16
github
github
ubuntucve
ubuntucve
CVE-2023-50298
2024-02-09 00:00:00
wolfi
wolfi
CVE-2023-50298 vulnerabilities
2024-06-01 15:24:07
nessus
nessus
Oracle Primavera Unifier (April 2024 CPU)
2024-04-17 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00