CVE & CISA-KEV Catalog

CVE-2023-50291

HIGHEPSS 87th pctl
7.5
CVSS v3
NVD

Description

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'

How to fix

Remediation Available
lucene-solrDebian
Fixed in:3.6.2+dfsg-23CVE-2023-50291
Fixed in:3.6.2+dfsg-23CVE-2023-50291
Fixed in:3.6.2+dfsg-23CVE-2023-50291
Fixed in:3.6.2+dfsg-23CVE-2023-50291

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

3.31%probability of exploitation in 30 days
87thpercentile

Elevated risk: more likely to be exploited than 87% of all known CVEs.

References

Vendor Advisory1
Mailing List1
Embed a live status badge for CVE-2023-50291
CVE-2023-50291 severity badge

Markdown

[![CVE-2023-50291](https://tridentstack.com/cve/badge/CVE-2023-50291.svg)](https://tridentstack.com/cve/CVE-2023-50291)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-50291"><img src="https://tridentstack.com/cve/badge/CVE-2023-50291.svg" alt="CVE-2023-50291"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-05-15.