What is CVE-2023-50290?

CVE-2023-50290 is a vulnerability in Apache Software Foundation Solr, classified under Information Disclosure. Published 2024-01-15.

Is CVE-2023-50290 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Apache Software Foundation Solr

CVE-2023-50290

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environme…

Vulnerability class: Information Disclosure

EPSS: 0.930 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Solr — versions 9.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

desaivinayak449/bug-bounty-reports-desai-vinayak
0day404/HV-2024-POC
12442RF/POC
AboSteam/POPC
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
Marco-zcl/POC
Warren-Jace/poc-doc
WhosGa/MyWiki

References

solr.apache.org/security.html (vendor-advisory)

Frequently asked questions

What is CVE-2023-50290?: CVE-2023-50290 is a vulnerability in Apache Software Foundation Solr, classified under Information Disclosure. Published 2024-01-15.
Is CVE-2023-50290 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.