API Security Blog

Sensitive Information Exposure

org.apache.solr: solr-core is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the Solr Metrics API publishing all unprotected environment variables available to each Apache Solr instance. An attacker can access sensitive information by exploiting this vulnerability, because the default environment variable list is designed to work for known secret Java system properties, and environment variables can be set for the entire host instead of per process. The users with "metrics-read" permission are only…
