CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw
A new security vulnerability was found in Apache Solr, an open-source enterprise-search platform renowned for its robust full-text search, real-time indexing, and seamless integration with databases and NoSQL systems. This platform, written in Java and utilized by organizations worldwide, has been blindsided by a vulnerability that threatens to expose sensitive information.
Designated with an ‘Important’ severity rating, CVE-2023-50290 is a security flaw that allows unauthorized read access to the host environment of Apache Solr instances. At its core, this vulnerability lies in the Solr Metrics API, which inadvertently publishes unprotected environment variables. These variables, unlike Java system properties, cannot be strictly defined within Solr and may contain sensitive information set for the entire host.
The Solr Metrics API, normally protected by the “metrics-read” permission, is the source of the exposure. In Solr Cloud setups configured with Authorization, only users with the “metrics-read” permission pose a risk. However, the default configuration fails to adequately conceal known secret Java system properties, leaving an opening for unauthorized actors to exploit. The versions of Apache Solr impacted by CVE-2023-50290 range from 9.0 to 9.2.1.
To counteract this vulnerability, users are urged to upgrade to Apache Solr version 9.3.0 or later. In these updated versions, environment variables are no longer published through the Metrics API, which closes the exposure and safeguards sensitive information. This upgrade is more than a patch; it is a crucial step in hardening Apache Solr against the ever-evolving threats in the cyber landscape.
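A defender-side check for the affected range and the fix described above, as an added example that is not code from Apache Solr or from the original article: it classifies a Solr version string against the 9.0 to 9.2.1 range given here, and scans a saved Metrics API JSON response for values of the host's environment variables. The sample response, its key names and the sample environment are constructed placeholders; the real response layout is not assumed.

```python
import json
import re

# Affected range as stated on this page: 9.0 through 9.2.1 (fixed in 9.3.0).
AFFECTED_MIN, AFFECTED_MAX = (9, 0, 0), (9, 2, 1)

def parse_version(text):
    """Turn '9.2', '9.2.1' or '9.3.0-SNAPSHOT' into a comparable 3-tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def find_env_leaks(node, env, path="$", min_len=6):
    """Walk parsed JSON and yield (json_path, env_name) wherever the value of
    a host environment variable appears inside a string in the response."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_env_leaks(value, env, f"{path}.{key}", min_len)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_env_leaks(value, env, f"{path}[{i}]", min_len)
    elif isinstance(node, str):
        for name, secret in env.items():
            # Very short values ("1", "C") would match by coincidence; skip them.
            if len(secret) >= min_len and secret in node:
                yield path, name

# Constructed sample data: key names are placeholders, not Solr's real layout.
SAMPLE_ENV = {"DB_PASSWORD": "s3cr3t-constructed", "HOME": "/var/solr", "LANG": "C"}
SAMPLE_RESPONSE = json.loads("""
{"metrics": {"constructed_group": {"constructed_env": {
    "DB_PASSWORD": "s3cr3t-constructed", "HOME": "/var/solr"}}}}
""")

if __name__ == "__main__":
    for v in ("8.11.2", "9.0", "9.2.1", "9.3.0"):
        print(v, "affected" if is_affected(v) else "not in affected range")
    for where, name in find_env_leaks(SAMPLE_RESPONSE, SAMPLE_ENV):
        print(f"value of {name} exposed at {where}")
```

In practice, pass the environment of the Solr process as `env` and the parsed Metrics API response as `node`; an empty result after upgrading to 9.3.0 or later is the expected outcome.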