You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Json response for search reveals Solr credentials
Critical severity
GitHub Reviewed
Published
Nov 3, 2023
in
ibexa/solr
•
Updated Nov 3, 2023
An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.
Patches
The issue is fixed in all supported versions of ibexa/solr, see "Patched versions".
An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository.
Commit: ibexa/solr@2f8b711
Impact
An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.
Patches
The issue is fixed in all supported versions of ibexa/solr, see "Patched versions".
An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository.
Commit: ibexa/solr@2f8b711
Workarounds
None.
References
https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
References