Mojira Archive
WEB-4413

Solr dashboards are publicly viewable

You'd expect that the admin part of the web services would be hidden from the public, especially dashboards for something as important as load balancing, I think.

This is a security risk. I don't know what you can do with a publicly facing Solr instance, but it lists info such as Java version, server RAM, Solr version, command line arguments, paths, etc., as well as options for handling collections of nodes, resource usage from them, etc.

I found these Solr dashboards with a subdomain search and by trying to connect to them with a web browser. I've gained access to the following instances:

Fixed

Hibi

[Mojang] Web Team

2021-04-23, 05:31 PM

2021-06-28, 10:47 AM

2021-06-28, 10:47 AM

0

2