
CVE-2023-50290: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Apache Software Foundation Apache Solr

Severity: Medium
Published: Mon Jan 15 2024 (01/15/2024, 09:32:44 UTC)
Source: CVE
Vendor/Project: Apache Software Foundation
Product: Apache Solr

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-process. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

AI-Powered Analysis

Last updated: 07/04/2025, 23:41:25 UTC

Technical Analysis

CVE-2023-50290 is a vulnerability in Apache Solr versions 9.0.0 up to but not including 9.3.0, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The issue arises from the Solr Metrics API, which by default publishes all unprotected environment variables available to each Solr instance. While users can specify environment variables to hide, the default protections only cover known secret Java system properties. Environment variables differ from Java system properties in that they are set at the host level rather than per Java process, making it difficult to strictly define or restrict them within Solr. This results in potentially sensitive environment variables being exposed via the Metrics API. Access to this API requires the "metrics-read" permission, so only users with this permission can exploit the vulnerability. In environments where Solr Cloud is configured with authorization, the risk is limited to users granted this permission. The vulnerability does not require user interaction and can be exploited remotely over the network. The CVSS v3.1 base score is 6.5 (medium severity), reflecting high confidentiality impact but no impact on integrity or availability. The recommended remediation is to upgrade to Apache Solr version 9.3.0 or later, where environment variables are no longer published via the Metrics API, effectively mitigating the issue. No known exploits are currently reported in the wild.

Potential Impact

For European organizations using Apache Solr versions 9.0.0 to before 9.3.0, this vulnerability poses a significant risk of sensitive information leakage. Environment variables often contain credentials, API keys, or configuration details that could facilitate further attacks if disclosed to unauthorized users. Although exploitation requires "metrics-read" permission, insider threats or compromised accounts with this permission could lead to unauthorized data exposure. This could result in loss of confidentiality, regulatory non-compliance (e.g., GDPR violations if personal data is indirectly exposed), and potential reputational damage. Since Solr is widely used in enterprise search and big data applications, exposure of environment variables could aid attackers in lateral movement or privilege escalation within affected organizations. The vulnerability does not affect system integrity or availability directly but undermines trust in system security and confidentiality.

Mitigation Recommendations

1. Upgrade Apache Solr to version 9.3.0 or later immediately, as this version removes environment variable exposure via the Metrics API.
2. Review and restrict the assignment of the "metrics-read" permission to only trusted and necessary users or service accounts.
3. Audit environment variables on hosts running Solr to minimize sensitive data exposure; avoid storing secrets in environment variables where possible.
4. Implement network segmentation and access controls to limit who can reach the Solr Metrics API endpoints.
5. Monitor and log usage of the Metrics API to detect unusual access patterns or unauthorized attempts.
6. Consider additional application-layer encryption or secrets management solutions to reduce reliance on environment variables for sensitive data.
7. Conduct regular security assessments and penetration tests focusing on Solr deployments to identify any residual exposure.
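An added example for recommendations 1 and 2 (not part of the original advisory and not Apache Solr code): it checks a version string against the affected range and lists which users in a `security.json` using the rule-based authorization plugin can read the Metrics API. The sample `security.json`, its user and role names, and the simplified rule evaluation (first rule named `metrics-read` or `all` decides) are assumptions made for illustration.

```python
import json

# Affected range stated in the advisory: 9.0.0 <= version < 9.3.0
AFFECTED_MIN, FIXED_IN = (9, 0, 0), (9, 3, 0)

# Constructed sample security.json (not taken from any real deployment)
SAMPLE_SECURITY_JSON = """
{"authorization": {
   "class": "solr.RuleBasedAuthorizationPlugin",
   "permissions": [
     {"name": "metrics-read", "role": ["admin", "metrics"]},
     {"name": "all", "role": "admin"}],
   "user-role": {"solr": "admin", "monitor": "metrics",
                 "search-app": ["reader", "metrics"], "alice": "reader"}}}
"""

def is_affected(version: str) -> bool:
    """True when a Solr version string falls inside the affected range."""
    nums = [int(p) for p in version.split("-")[0].split(".")[:3]]
    nums += [0] * (3 - len(nums))
    return AFFECTED_MIN <= tuple(nums) < FIXED_IN

def _as_set(value):
    """security.json allows a single string or a list for roles."""
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)

def metrics_read_holders(security: dict):
    """Return (scope, users) for whoever can read the Metrics API.

    Assumption: the first rule named "metrics-read" or "all", in list
    order, decides access; a null role means no role is required and
    "*" means any authenticated user.
    """
    authz = security.get("authorization") or {}
    user_roles = authz.get("user-role") or {}
    rule = next((p for p in authz.get("permissions", [])
                 if p.get("name") in ("metrics-read", "all")), None)
    if rule is None:
        return "unprotected", set()
    if rule.get("role") is None:
        return "anyone", set()
    roles = _as_set(rule["role"])
    if "*" in roles:
        return "any-authenticated", set(user_roles)
    return "restricted", {u for u, r in user_roles.items() if _as_set(r) & roles}

if __name__ == "__main__":
    print(is_affected("9.2.1"), metrics_read_holders(json.loads(SAMPLE_SECURITY_JSON)))
```

A scope of `unprotected`, `anyone` or `any-authenticated` on an affected version means the environment variables are readable well beyond the intended monitoring accounts.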


Technical Details

Data Version: 5.1
Assigner Short Name: apache
Date Reserved: 2023-12-06T17:35:24.747Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9817c4522896dcbd7322

Added to database: 5/21/2025, 9:08:39 AM

Last enriched: 7/4/2025, 11:41:25 PM

Last updated: 8/12/2025, 12:02:58 AM
