Search for vulnerabilities
Vulnerability details: VCID-rkuj-4wbz-aaap
Vulnerability ID VCID-rkuj-4wbz-aaap
Aliases CVE-2023-50290
GHSA-gg7w-pw2r-x2cq
Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json
epss 0.17993 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.17993 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.17993 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24319 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.24402 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.37181 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.37698 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.37698 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.38562 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.87943 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.88353 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93001 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93156 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93156 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
epss 0.93156 https://api.first.org/data/v1/epss?cve=CVE-2023-50290
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gg7w-pw2r-x2cq
cvssv3.1 6.5 https://github.com/apache/lucene-solr
generic_textual MODERATE https://github.com/apache/lucene-solr
cvssv3.1 6.5 https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
generic_textual MODERATE https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
cvssv3.1 6.5 https://issues.apache.org/jira/browse/SOLR-16808
generic_textual MODERATE https://issues.apache.org/jira/browse/SOLR-16808
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-50290
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-50290
cvssv3.1 6.5 https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
generic_textual MODERATE https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
ssvc Track https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json
https://api.first.org/data/v1/epss?cve=CVE-2023-50290
https://github.com/apache/lucene-solr
https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
https://issues.apache.org/jira/browse/SOLR-16808
https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
2258132 https://bugzilla.redhat.com/show_bug.cgi?id=2258132
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
CVE-2023-50290 https://nvd.nist.gov/vuln/detail/CVE-2023-50290
GHSA-gg7w-pw2r-x2cq https://github.com/advisories/GHSA-gg7w-pw2r-x2cq
RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://issues.apache.org/jira/browse/SOLR-16808
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50290
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50290
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T20:17:07Z/ Found at https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
Exploit Prediction Scoring System (EPSS)
Percentile 0.96289
EPSS Score 0.17993
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-12T23:41:05.855276+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc2