VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vj8s-sv5u-aaaf

Essentials
Severities (108)
References (14)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vj8s-sv5u-aaaf
Aliases	CVE-2023-50298 GHSA-xrj7-x7gp-wwqr
Summary	Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-922	Insecure Storage of Sensitive Information

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00089	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00089	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00089	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
epss	0.00197	https://api.first.org/data/v1/epss?cve=CVE-2023-50298
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-xrj7-x7gp-wwqr
cvssv3.1	7.5	https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269
generic_textual	MODERATE	https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269
cvssv3.1	7.5	https://github.com/apache/solr
generic_textual	MODERATE	https://github.com/apache/solr
cvssv3.1	7.5	https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
generic_textual	MODERATE	https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
cvssv3.1	7.5	https://issues.apache.org/jira/browse/SOLR-17098
generic_textual	MODERATE	https://issues.apache.org/jira/browse/SOLR-17098
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-50298
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-50298
cvssv3.1	7.5	https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
generic_textual	MODERATE	https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/02/09/2
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2024/02/09/2
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/02/09/3
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2024/02/09/3

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-50298
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50298
		https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269
		https://github.com/apache/solr
		https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98
		https://issues.apache.org/jira/browse/SOLR-17098
		https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
		http://www.openwall.com/lists/oss-security/2024/02/09/2
		http://www.openwall.com/lists/oss-security/2024/02/09/3
2263583		https://bugzilla.redhat.com/show_bug.cgi?id=2263583
cpe:2.3:a:apache:solr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
CVE-2023-50298		https://nvd.nist.gov/vuln/detail/CVE-2023-50298
GHSA-xrj7-x7gp-wwqr		https://github.com/advisories/GHSA-xrj7-x7gp-wwqr

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/solr

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://issues.apache.org/jira/browse/SOLR-17098

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50298

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50298

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2024/02/09/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2024/02/09/3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.04033
EPSS Score	0.00025
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-02-09T23:49:07.223899+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-xrj7-x7gp-wwqr	34.0.0rc2