Vulnerability details: VCID-pk1z-x6n7-aaaa
Vulnerability ID VCID-pk1z-x6n7-aaaa
Aliases CVE-2023-50292
GHSA-4wxw-42wx-2wfx
Summary Apache Solr Schema Designer blindly "trusts" all configsets
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 6.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json
epss 0.00112 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.22586 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.33787 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.34347 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.39128 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
epss 0.63704 https://api.first.org/data/v1/epss?cve=CVE-2023-50292
cvssv3.1_qr LOW https://github.com/advisories/GHSA-4wxw-42wx-2wfx
generic_textual LOW https://github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865
generic_textual LOW https://github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419
generic_textual LOW https://issues.apache.org/jira/browse/SOLR-16777
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-50292
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-50292
cvssv3.1 7.5 https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
generic_textual MODERATE https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
ssvc Track https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2024/02/09/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/02/09/3
ssvc Track http://www.openwall.com/lists/oss-security/2024/02/09/3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): low
User Interaction (UI): required
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): low
Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50292
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/ Found at https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2024/02/09/3
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/09/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.45618
EPSS Score 0.00112
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-02-09T23:49:07.141659+00:00 GHSA Importer Import https://github.com/advisories/GHSA-4wxw-42wx-2wfx 34.0.0rc2