PT-2024-1632 · Apache · Apache Solr

Michael Taggart · Published 2024-02-08 · Updated 2024-03-06 · CVE-2023-50291

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Solr versions 6.0.0 through 8.11.2
Apache Solr versions 9.0.0 through 9.2.x
Description

The issue is related to insufficient protection of credentials in Apache Solr. One of the endpoints, "/admin/info/properties", was only set up to hide system properties containing the word "password" in their name. However, other sensitive system properties, such as "basicauth" and "aws.secretKey", do not contain "password", and thus their values were published via the "/admin/info/properties" endpoint. This endpoint is protected under the "config-read" permission, so Solr Clouds with Authorization enabled are only vulnerable through logged-in users holding the "config-read" permission.

Recommendations

Upgrade to version 9.3.0 or 8.11.3, which fixes the issue. For users who cannot upgrade, set the Java system property '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' to fix the issue.
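The example below is added here to illustrate the redaction behaviour described above and to let an operator verify a candidate pattern before rolling it out; it is not Solr's own code. It assumes that Solr evaluates solr.redaction.system.pattern as a case-insensitive, whole-string Java regex match against each property name (which is why the leading and trailing ".*" in the recommended pattern matter), and it simulates that with Python's re.fullmatch. The property listing and its values are constructed placeholders.

```python
import re

# Constructed sample of JVM system properties as a Solr node might list them
# on /admin/info/properties. Values are placeholders, not real secrets.
SAMPLE_SYSTEM_PROPERTIES = {
    "java.version": "11.0.2",
    "solr.install.dir": "/opt/solr",
    "javax.net.ssl.keyStorePassword": "example-keystore-pw",
    "basicauth": "solr:example-basicauth-pw",
    "aws.secretKey": "example-aws-secret",
    "zkCredentialsProvider.password": "example-zk-pw",
}

# Names an operator would expect the endpoint to hide (constructed list).
SECRET_NAMES = [
    "javax.net.ssl.keyStorePassword",
    "basicauth",
    "aws.secretKey",
    "zkCredentialsProvider.password",
]

# Pre-fix behaviour: only names containing "password" are hidden.
DEFAULT_PATTERN = ".*password.*"
# Pattern recommended in the advisory for users who cannot upgrade.
RECOMMENDED_PATTERN = ".*(password|secret|basicauth).*"

REDACTED = "--REDACTED--"


def is_sensitive(name: str, pattern: str) -> bool:
    """True if the property name matches the redaction pattern.

    Assumption: Solr applies the pattern as a case-insensitive whole-string
    match (Java Pattern.matches()); re.fullmatch reproduces that here.
    """
    return re.fullmatch(pattern, name, flags=re.IGNORECASE) is not None


def redact_properties(props: dict, pattern: str) -> dict:
    """Render the property listing with matching values replaced."""
    return {
        name: (REDACTED if is_sensitive(name, pattern) else value)
        for name, value in props.items()
    }


def leaked_secrets(props: dict, pattern: str, secret_names) -> list:
    """Names from secret_names whose values survive redaction unchanged."""
    rendered = redact_properties(props, pattern)
    return [n for n in secret_names if rendered[n] != REDACTED]


def pattern_covers(pattern: str, secret_names) -> bool:
    """Pre-deployment check: does the pattern hide every expected secret name?"""
    return all(is_sensitive(n, pattern) for n in secret_names)


if __name__ == "__main__":
    for label, pat in (("default", DEFAULT_PATTERN), ("recommended", RECOMMENDED_PATTERN)):
        print(f"{label} pattern {pat!r} leaks: "
              f"{leaked_secrets(SAMPLE_SYSTEM_PROPERTIES, pat, SECRET_NAMES)}")
    # A pattern without the surrounding '.*' only matches names that are
    # exactly one of the alternatives under whole-string semantics.
    print("bare alternation covers all secrets:",
          pattern_covers("(password|secret|basicauth)", SECRET_NAMES))
```

Run as a script, the block shows that the default pattern leaves "basicauth" and "aws.secretKey" exposed while the recommended pattern hides all four names, and that dropping the ".*" wrapper (for example when a shell or wiki strips the asterisks) silently stops matching names such as "aws.secretKey", so the check in pattern_covers is worth running against your own property names before relying on the workaround.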

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2024-01302
BIT-SOLR-2023-50291
CVE-2023-50291
GHSA-3HWC-RQWP-V36Q

Affected Products

Apache Solr