Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apache Solr Schema Designer 代码执行漏洞 (CVE-2023-50292) #377

Open
y1ong opened this issue Feb 19, 2024 · 0 comments
Open

Apache Solr Schema Designer 代码执行漏洞 (CVE-2023-50292) #377

y1ong opened this issue Feb 19, 2024 · 0 comments
Labels

Comments

@y1ong
Copy link
Owner

y1ong commented Feb 19, 2024

漏洞描述

2024年2月,Apache Solr 官方披露 CVE-2023-50291 Apache Solr properties 敏感信息泄漏。攻击者可构造恶意请求利用 /admin/info/properties 泄漏相关敏感信息。官方已发布安全更新,建议升级至最新版本。

参考链接

  1. http://www.openwall.com/lists/oss-security/2024/02/09/3
  2. https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
@y1ong y1ong added the vuln label Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant