Search for vulnerabilities
Vulnerability details: VCID-83s4-swg3-aaar
Vulnerability ID VCID-83s4-swg3-aaar
Aliases CVE-2023-50386
GHSA-37vr-vmg4-jwpw
Summary Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82427 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.82655 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.85175 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.86683 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.86683 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.86683 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88133 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.88824 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
epss 0.89461 https://api.first.org/data/v1/epss?cve=CVE-2023-50386
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-37vr-vmg4-jwpw
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-37vr-vmg4-jwpw
cvssv3.1 8.8 https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda
generic_textual HIGH https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda
generic_textual MODERATE https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda
cvssv3.1 8.8 https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9
generic_textual HIGH https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9
generic_textual MODERATE https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9
cvssv3.1 8.8 https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859
generic_textual HIGH https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859
generic_textual MODERATE https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859
cvssv3.1 8.8 https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152
generic_textual HIGH https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152
generic_textual MODERATE https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152
cvssv3.1 8.8 https://issues.apache.org/jira/browse/SOLR-16949
generic_textual HIGH https://issues.apache.org/jira/browse/SOLR-16949
generic_textual MODERATE https://issues.apache.org/jira/browse/SOLR-16949
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-50386
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-50386
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-50386
cvssv3.1 8.8 https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
generic_textual HIGH https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
generic_textual MODERATE https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
ssvc Track* https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
cvssv3.1 8.8 http://www.openwall.com/lists/oss-security/2024/02/09/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/02/09/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/02/09/1
ssvc Track* http://www.openwall.com/lists/oss-security/2024/02/09/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json
https://api.first.org/data/v1/epss?cve=CVE-2023-50386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386
https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda
https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9
https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859
https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152
https://issues.apache.org/jira/browse/SOLR-16949
https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
http://www.openwall.com/lists/oss-security/2024/02/09/1
2263585 https://bugzilla.redhat.com/show_bug.cgi?id=2263585
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
CVE-2023-50386 https://nvd.nist.gov/vuln/detail/CVE-2023-50386
GHSA-37vr-vmg4-jwpw https://github.com/advisories/GHSA-37vr-vmg4-jwpw
Data source Metasploit
Description Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1 is affected by an Unrestricted Upload of File with Dangerous Type vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.
Note 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - config-changes
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date Feb. 24, 2024
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/apache_solr_backup_restore.rb
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://issues.apache.org/jira/browse/SOLR-16949
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/ Found at https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/02/09/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/09/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.99156
EPSS Score 0.82427
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-02-09T23:49:06.882269+00:00 GHSA Importer Import https://github.com/advisories/GHSA-37vr-vmg4-jwpw 34.0.0rc2