[jira] [Commented] (OFBIZ-12792) [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
[
https://issues.apache.org/jira/browse/OFBIZ-12792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768084#comment-17768084
]
ASF subversion and git services commented on OFBIZ-12792:
-
Commit 40434deb0e3e8dce16707bc43e2f33cbd8d3fc6a in ofbiz-plugins's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=40434deb0 ]
Fixed: Execution of queries without authentication (OFBIZ-12857)
The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.
This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.
> [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
> -
>
> Key: OFBIZ-12792
> URL: https://issues.apache.org/jira/browse/OFBIZ-12792
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 22.01.01, 18.12.07
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (OFBIZ-12792) [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
[
https://issues.apache.org/jira/browse/OFBIZ-12792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768082#comment-17768082
]
ASF subversion and git services commented on OFBIZ-12792:
-
Commit d3a7775e11dd180e4478cf11cf8668785ce29871 in ofbiz-plugins's branch
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=d3a7775e1 ]
Fixed: Execution of queries without authentication (OFBIZ-12857)
The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.
This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.
> [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
> -
>
> Key: OFBIZ-12792
> URL: https://issues.apache.org/jira/browse/OFBIZ-12792
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 22.01.01, 18.12.07
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (OFBIZ-12792) [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
[
https://issues.apache.org/jira/browse/OFBIZ-12792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768080#comment-17768080
]
ASF subversion and git services commented on OFBIZ-12792:
-
Commit 998bf510a9e22fab3f8a54e6fa82cab0283ba712 in ofbiz-plugins's branch
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a ]
Fixed: Execution of queries without authentication (OFBIZ-12857)
The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.
This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.
Conflicts handled by hand
> [CVE-2022-47501] Arbitrary file reading vulnerability in Solr
> -
>
> Key: OFBIZ-12792
> URL: https://issues.apache.org/jira/browse/OFBIZ-12792
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 22.01.01, 18.12.07
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
