7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.9%
Apache Solr is vulnerable to Missing Authorization. The vulnerability is caused due to lack of authentication checks within the Schema Designer, allowing an attacker to load configSets
without proper authentication, resulting in arbitrary code execution.
www.openwall.com/lists/oss-security/2024/02/09/3
github.com/advisories/GHSA-4wxw-42wx-2wfx
github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865
github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419
solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.9%