daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-50290.yaml

67 lines
2.6 KiB
YAML
Raw Normal View History

Create CVE-2023-50290.yaml
2024-01-16 18:30:34 +00:00
id: CVE-2023-50290
info:
misc changes
2024-01-16 21:11:04 +00:00
name: Apache Solr - Host Environment Variables Leak via Metrics API
Create CVE-2023-50290.yaml
2024-01-16 18:30:34 +00:00
author: Banana69,DhiyaneshDK
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
severity: medium
misc changes
2024-01-16 21:11:04 +00:00
description: |
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
impact: |
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
Create CVE-2023-50290.yaml
2024-01-16 18:30:34 +00:00
reference:
- https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
- https://x.com/sirifu4k1/status/1746755165066236216?s=20
misc changes
2024-01-16 21:11:04 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2023-50290
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2023-50290
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
cwe-id: CWE-200,NVD-CWE-noinfo
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
epss-score: 0.05452
product/queries updated
2024-05-31 19:23:20 +00:00
epss-percentile: 0.93157
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Create CVE-2023-50290.yaml
2024-01-16 18:30:34 +00:00
metadata:
TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] :robot:
2024-01-29 11:58:34 +00:00
max-request: 1
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
vendor: apache
product: solr
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
shodan-query:
- "title:\"Apache Solr\""
- http.title:"apache solr"
- cpe:"cpe:2.3:a:apache:solr"
- http.title:"solr admin"
fofa-query:
- title="solr admin"
- title="apache solr"
google-query:
- intitle:"apache solr"
- intitle:"solr admin"
misc changes
2024-01-16 21:11:04 +00:00
tags: cve,cve2023,apache,solr,exposure
Create CVE-2023-50290.yaml
2024-01-16 18:30:34 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/solr/admin/metrics"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"responseHeader":'
- '"solr.jetty":'
- 'system.env'
condition: and
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot:
2024-06-01 06:53:00 +00:00
# digest: 4b0a00483046022100dfc250b821506c211571ede1dc2ed5a1a66df436723ab98c40b9002c978410fa022100c47b941c9ef9a9b77e73bbf54e94a9ab5a094e082906629c36ae0f7bb6b2bca7:922c64590222798bb761d5b6d8e72950