Apache Solr is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing zkHost
validation within the Solr Streaming Expressions feature, allowing users to extract data from other Solr Clouds by specifying an external ZooKeeper host, which results in the leakage of ZooKeeper credentials and ACLs to unauthorized attackers.
www.openwall.com/lists/oss-security/2024/02/09/2
www.openwall.com/lists/oss-security/2024/02/09/3
github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
issues.apache.org/jira/browse/SOLR-17098
solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions