CVE-2023-50291

HIGHNVD 7.57.5
EchelonGraph scoreMEDIUM confidence

This high-severity CVE scores 7.5 under NVD CVSS v3. EPSS exploit probability: 3.1%, top 13% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).

Triggered by: NVD CVSS baseline
Sources: epss, nvd
7.5
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 3%CVSS: 7.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Insufficiently Protected Credentials vulnerability in Apache Solr.

This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.

This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password".

Users who cannot upgrade can also use the following Java system property to fix the issue:   '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'

CVSS v3
7.5
EG Score
7.5(medium)
EPSS
87.1%
KEV
Not listed

Published

February 9, 2024

Last Modified

May 15, 2025

Affected Packages

(1 across 1 ecosystem)
Maven(1)
PackageVulnerable rangeFixed inDependents
org.apache.solr:solr-core9.0.0, 9.1.0, 9.1.1, 9.2.0, 9.2.19.3.0

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Frequently asked(5)

What is CVE-2023-50291?
CVE-2023-50291 is a high vulnerability published on February 9, 2024. Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties…
When was CVE-2023-50291 disclosed?
CVE-2023-50291 was first published in the National Vulnerability Database on February 9, 2024, with the most recent update on May 15, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2023-50291 actively exploited?
CVE-2023-50291 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 87.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2023-50291?
CVE-2023-50291 has a CVSS v3 base score of 7.5 (NVD).
How do I remediate CVE-2023-50291?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-50291, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2023-50291

Explore →

Is Your Infrastructure Affected by CVE-2023-50291?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.