漏洞描述
Apache Solr 是一款开源搜索引擎。自Apache Solr 9.0.0起,由于 Solr Metrics API默认输出所有未单独配置保护策略的环境变量,导致在未配置认证的情况下攻击者可构造恶意请求,从而获取到运行 Solr实例的主机上的所有系统环境变量,包括敏感信息的配置、密钥等
Apache Solr 环境变量信息泄漏漏洞(CVE-2023-50290)
PoC代码
暂无相关漏洞推荐
- CVE-2019-17558: Apache Solr Velocity Template RCE
- solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read
- Apache Solr /solr/admin/cores XML 外部实体注入漏洞(CVE-2017-12629)
- POC CVE-2017-12629: Apache Solr <= 7.1 - XML Entity Injection
- POC CVE-2019-0192: Apache Solr - Deserialization of Untrusted Data
- POC CVE-2019-0193: Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
- POC CVE-2019-17558: Apache Solr <=8.3.1 - Remote Code Execution
- POC CVE-2021-27905: Apache Solr <=8.8.1 - Server-Side Request Forgery
- POC CVE-2023-50290: Apache Solr - Host Environment Variables Leak via Metrics API
- POC CVE-2024-45216: Apache Solr - Authentication Bypass
- POC CVE-2017-12629: Apache Solr <= 7.1 XML entity injection
- POC CVE-2019-0193: Apache Solr Remote Code Execution
- POC CVE-2021-27905: Apache Solr <= 8.8.1 SSRF