CVE-2023-50292

Summary

CVE-2023-50292 is an Incorrect Permission Assignment vulnerability affecting Apache Solr versions 8.10.0 through 8.11.2, and 9.0.0 before 9.3.0. The vulnerability stems from the Schema Designer feature, which was introduced to simplify Schema configuration but overlooked the trust (authentication) of configSets. As a result, non-authenticated users were able to load external libraries when using the Schema Designer, despite this functionality being restricted to trusted configSets. The vulnerability could potentially lead to Remote Code Execution. It is strongly advised that users upgrade to Apache Solr version 9.3.0 to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.