CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
History
Fri, 23 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Okfn, Okfn ckan | |
CPEs | cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:* | |
Vendors & Products | Okfn, Okfn ckan | |
Wed, 21 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Ckan, Ckan ckan | |
CPEs | cpe:2.3:a:ckan:ckan:*:*:*:*:*:*:*:* | |
Vendors & Products | Ckan, Ckan ckan | |
Metrics | ssvc | |
Wed, 21 Aug 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0. | |
Title | CKAN may leak Solr credentials via error message in package_search action | |
Weaknesses | CWE-209 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-21T14:31:26.240Z
Updated: 2024-08-21T15:32:22.705Z
Reserved: 2024-07-18T15:21:47.486Z
Link: CVE-2024-41674
Vulnrichment
Updated: 2024-08-21T15:32:08.866Z
NVD
Status: Analyzed
Published: 2024-08-21T15:15:08.770
Modified: 2024-08-23T17:06:58.063
Link: CVE-2024-41674
Redhat
No data.