CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
History

Fri, 23 Aug 2024 17:30:00 +0000

Changes (Type: Values Added; no Values Removed):
First Time appeared: Okfn; Okfn ckan
CPEs: cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*
Vendors & Products: Okfn; Okfn ckan

Wed, 21 Aug 2024 16:30:00 +0000

Changes (Type: Values Added; no Values Removed):
First Time appeared: Ckan; Ckan ckan
CPEs: cpe:2.3:a:ckan:ckan:*:*:*:*:*:*:*:*
Vendors & Products: Ckan; Ckan ckan
Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 14:45:00 +0000

Changes (Type: Values Added; no Values Removed):
Description: CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
Title: CKAN may leak Solr credentials via error message in package_search action
Weaknesses: CWE-209
References
Metrics: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-21T14:31:26.240Z

Updated: 2024-08-21T15:32:22.705Z

Reserved: 2024-07-18T15:21:47.486Z

Link: CVE-2024-41674

Vulnrichment

Updated: 2024-08-21T15:32:08.866Z

NVD

Status: Analyzed

Published: 2024-08-21T15:15:08.770

Modified: 2024-08-23T17:06:58.063

Link: CVE-2024-41674

Redhat

No data.