Описание
Json response for search reveals Solr credentials
Impact
An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.
Patches
The issue is fixed in all supported versions of ibexa/solr, see "Patched versions". An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository. Commit: https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012
Workarounds
None.
References
Пакеты
Наименование
ibexa/solr
composer
Затронутые версииВерсия исправления
>= 4.5.0, < 4.5.4
4.5.4
Дефекты
CWE-200
Дефекты
CWE-200