Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Impact
An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.
Patches
The issue is fixed in all supported versions of ibexa/solr, see "Patched versions".
An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository.
Commit: https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012
Workarounds
None.
References
Permalink: https://github.com/advisories/GHSA-v6xp-ccvx-w52mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-v6xp-ccvx-w52m
References:
- https://github.com/ibexa/solr/security/advisories/GHSA-v6xp-ccvx-w52m
- https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012
- https://github.com/advisories/GHSA-v6xp-ccvx-w52m
Blast Radius: 0.0
Affected Packages
packagist:ibexa/solr
Dependent packages: 5Dependent repositories: 6
Downloads: 454,326 total
Affected Version Ranges: >= 4.5.0, < 4.5.4
Fixed in: 4.5.4
All affected versions: 4.5.0, 4.5.1, 4.5.2, 4.5.3
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.6.8, 4.6.9, 4.6.10, 4.6.11, 4.6.12, 4.6.13