Json response for search reveals Solr credentials

Impact

An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected.

Patches

The issue is fixed in all supported versions of ibexa/solr, see "Patched versions". An advisory is also published for ezsystems/ezplatform-solr-search-engine, please see that repository. Commit: https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012

Workarounds

None.

References

https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads

Published: Nov 3, 2023
Updated: Nov 4, 2023
GHSA: GHSA-v6xp-ccvx-w52m
Severity: Critical
Exploit:

No technical information available.

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibexa / solr	4.5.0	4.5.4

https://github.com/ibexa/solr/commit/2f8b711874bee1ebe31fb8a6362e0c8e52c53012
https://github.com/ibexa/solr/security/advisories/GHSA-v6xp-ccvx-w52m

Vulnerability Database

289,571

Json response for search reveals Solr credentials

Impact

Patches

Workarounds

References