[jira] [Commented] (OFBIZ-12792) [CVE-2022-47501] Arbitrary file reading vulnerability in Solr

ASF subversion and git services (Jira) Fri, 22 Sep 2023 09:33:24 -0700


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768080#comment-17768080
 ]


ASF subversion and git services commented on OFBIZ-12792:
---------------------------------------------------------

Commit 998bf510a9e22fab3f8a54e6fa82cab0283ba712 in ofbiz-plugins's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a ]

Fixed: Execution of queries without authentication (OFBIZ-12857)

The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.

This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.

Conflicts handled by hand


> [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
> -------------------------------------------------------------
>
>                 Key: OFBIZ-12792
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12792
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: solr
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 22.01.01, 18.12.07
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-12792) [CVE-2022-47501] Arbitrary file reading vulnerability in Solr

Reply via email to