CVE-2023-50291: CWE-522 Insufficiently Protected Credentials in Apache Software Foundation Apache Solr
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. A number of sensitive system properties, such as "basicauth" and "aws.secretKey", do not contain "password", so their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'
AI Analysis
Technical Summary
CVE-2023-50291 is a high-severity vulnerability affecting Apache Solr versions from 6.0.0 through 8.11.2 and from 9.0.0 before 9.3.0. The vulnerability arises from insufficient protection of sensitive credentials exposed via the /admin/info/properties endpoint, one of the two endpoints that publish the Solr process's Java system properties. The same endpoint populates the System Properties panel on the Solr Admin UI home screen, so its output is rendered in the browser of anyone who opens that page. Before the fix, the endpoint hid only system properties whose names contained the string "password". Other sensitive properties such as "basicauth" and "aws.secretKey" do not contain "password" and were therefore returned in clear, as was any site-specific credential passed to the JVM as a -D flag under a name that does not contain "password". Solr ships with authentication and authorization disabled, so on a default installation the endpoint and the Admin UI are reachable without credentials by anyone who can reach the Solr port; where authorization is enabled, the endpoint is gated by the "config-read" permission and only logged-in users holding it can retrieve the values. The issue is addressed in Apache Solr 9.3.0 and 8.11.3. A single Java system property, "-Dsolr.hiddenSysProps", now controls which properties are hidden across all endpoints; by default all known sensitive properties are hidden (including "basicauth"), as is any property whose name contains "secret" or "password". For users unable to upgrade immediately, setting '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' broadens the redaction pattern so that these names are hidden as well; the pattern is matched against property names, so it protects only names that match it. The vulnerability is classified under CWE-522 (Insufficiently Protected Credentials) and has a CVSS 3.1 base score of 7.5 (network attack vector, low attack complexity, no privileges required, no user interaction, high confidentiality impact, no integrity or availability impact). The "no privileges required" metric reflects the default deployment without authorization; with authorization enabled, the "config-read" permission is needed. No known exploits are currently reported in the wild, and none is needed: loading the Admin UI home screen or calling the endpoint directly is sufficient to read the values.
Potential Impact
For European organizations, this vulnerability poses a significant risk to confidentiality. Apache Solr is widely used for enterprise search and indexing solutions across various sectors including government, finance, healthcare, and e-commerce. Exposure of sensitive credentials such as basic authentication passwords and AWS secret keys can lead to unauthorized access to Solr instances, data leakage, and potential lateral movement within networks. Attackers gaining access to these credentials could manipulate search configurations, extract sensitive indexed data, or pivot to other cloud resources if AWS credentials are compromised. On installations running without authorization, which is how Solr ships, anyone who can reach the Solr port can read the values; where authorization is enabled, insider threats or compromised accounts holding the "config-read" permission could exploit this flaw. The impact is heightened in environments where Solr is integrated with critical business applications or stores sensitive personal data subject to GDPR regulations, potentially leading to regulatory fines and reputational damage. The lack of known exploits in the wild does not reduce the risk in the way it would for a memory-corruption bug: no exploit development is required, since the values are rendered on the Admin UI home screen and returned by a single GET request to the endpoint. Organizations relying on older Solr versions are particularly at risk until they apply the recommended updates or mitigations.
Mitigation Recommendations
European organizations should prioritize upgrading Apache Solr to version 9.3.0 or 8.11.3, where the vulnerability is fully addressed. If an immediate upgrade is not feasible, start Solr with the Java system property workaround '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' so that these sensitive system properties are redacted from the /admin/info/properties endpoint. The workaround is a regular expression matched against property names, so inventory every -D flag and SOLR_OPTS entry on each node and extend the pattern to cover any site-specific credential whose name contains none of those words; then verify from the endpoint, or from the Admin UI home screen, that the values now read as redacted. Treat any credential that was passed as a system property to an unpatched node as potentially exposed and rotate it, in particular basic-auth passwords and AWS keys. Review and tighten access controls: enable authentication and authorization if Solr is running without them, and limit the "config-read" permission strictly to trusted administrators. Implement strong authentication mechanisms such as multi-factor authentication (MFA) for all users with this permission. Monitor Solr request logs for unusual access to the /admin/info/properties endpoint, bearing in mind that every load of the Admin UI home screen calls it, so baseline that traffic before alerting on it. Conduct regular audits of system properties and credentials stored in Solr configurations to minimize exposure. Network segmentation should be employed to restrict access to Solr admin interfaces to internal trusted networks only. Finally, integrate vulnerability scanning and configuration management tools to detect and remediate outdated Solr versions and insecure configurations proactively.
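The following Python script is an added example, not code from this page or from Apache Solr. It models the redaction described in the Technical Summary and the workaround given above: the pre-fix behaviour (only names containing "password" are hidden), the advisory's broadened pattern, and a locally extended pattern, all applied to a constructed set of system properties; it also parses a constructed /admin/info/properties JSON body the way a post-mitigation check would. Assumptions not taken from the page: names are matched case-insensitively as whole strings; the redaction marker is the literal "--REDACTED--"; the JSON body keeps the property map under "system.properties"; the property "myapp.apiToken" stands for a site-specific -D flag and every value is a placeholder.

```python
import json
import re

# Constructed sample of JVM system properties, as a Solr process started with
# "-D" flags might hold them. Values are placeholders, not real credentials.
SAMPLE_SYSPROPS = {
    "java.version": "11.0.20",
    "solr.solr.home": "/var/solr/data",
    "zkHost": "zk1:2181,zk2:2181/solr",
    "zkDigestPassword": "zk-digest-placeholder",
    "basicauth": "solr:placeholder-password",       # named in the advisory
    "aws.secretKey": "AWS-SECRET-PLACEHOLDER",      # named in the advisory
    "javax.net.ssl.keyStorePassword": "changeit",
    "myapp.apiToken": "custom-token-placeholder",   # constructed site-specific flag
}

# Assumption: marker used for hidden values; confirm the literal your Solr emits.
REDACTED = "--REDACTED--"

# Pre-fix default: only names containing "password" are hidden.
DEFAULT_PATTERN = r".*password.*"
# Workaround from the advisory for builds that cannot be upgraded.
WORKAROUND_PATTERN = r".*(password|secret|basicauth).*"
# Locally extended pattern covering the constructed "myapp.apiToken" flag.
EXTENDED_PATTERN = r".*(password|secret|basicauth|token).*"


def redact(props, pattern):
    """Return a copy of props with every name matching pattern replaced by REDACTED.

    Assumption: the whole name is matched case-insensitively. Verify how your
    Solr build applies solr.redaction.system.pattern before relying on case.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return {k: (REDACTED if rx.fullmatch(k) else v) for k, v in props.items()}


# Deliberately wider, case-insensitive heuristic used by the auditor to decide
# what *should* have been hidden, so that gaps in the redaction pattern show up.
SENSITIVE_HINT = re.compile(
    r"password|passwd|secret|basicauth|token|credential", re.IGNORECASE
)


def exposed_sensitive(view):
    """Names in a (possibly redacted) property view that look sensitive but
    still carry their real value, sorted for stable output."""
    return sorted(k for k, v in view.items()
                  if SENSITIVE_HINT.search(k) and v != REDACTED)


def build_response(view):
    """Constructed stand-in for the endpoint's JSON body (wt=json)."""
    return json.dumps({"responseHeader": {"status": 0, "QTime": 1},
                       "system.properties": view})


def audit_properties_response(body):
    """Parse a /admin/info/properties JSON body and report unredacted
    sensitive-looking names. Assumption: the map sits under "system.properties"."""
    doc = json.loads(body)
    return exposed_sensitive(doc["system.properties"])


if __name__ == "__main__":
    for label, pattern in (("default (pre-fix)", DEFAULT_PATTERN),
                           ("advisory workaround", WORKAROUND_PATTERN),
                           ("locally extended", EXTENDED_PATTERN)):
        view = redact(SAMPLE_SYSPROPS, pattern)
        print(f"{label:20s} still exposed: {exposed_sensitive(view)}")
    # The same check run over what the endpoint would return after the workaround.
    print("audit of endpoint body:",
          audit_properties_response(build_response(redact(SAMPLE_SYSPROPS,
                                                          WORKAROUND_PATTERN))))
```

Running it shows "basicauth" and "aws.secretKey" surviving the pre-fix filter, the advisory pattern closing those two while the constructed "myapp.apiToken" still leaks, and the extended pattern hiding everything. To use the auditor against a real node, save the endpoint's JSON output to a file and pass its contents to audit_properties_response; a non-empty result means the pattern needs another term or the node has not picked up the new start flag.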
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: apache
- Date Reserved: 2023-12-06T17:56:16.223Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aec3b0
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/6/2025, 8:27:04 AM
Last updated: 8/1/2025, 10:58:05 AM