GHSA-v6xp-ccvx-w52m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v6xp-ccvx-w52m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-v6xp-ccvx-w52m/GHSA-v6xp-ccvx-w52m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v6xp-ccvx-w52m
- Published
- 2023-11-03T19:48:16Z
- Modified
- 2024-12-04T05:28:33.215367Z
- Summary
- Json response for search reveals Solr credentials
- Details
-
Impact
An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.
Patches
The issue is fixed in all supported versions of ibexa/solr, see "Patched versions". An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository. Commit: https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012
Workarounds
None.
References
https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-200" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-11-03T19:48:16Z" }- References
Affected packages
Packagist / ibexa/solr
Package
- Name
- ibexa/solr
- Purl
- pkg:composer/ibexa/solr