5.3

CVE-2024-41674

EPSS 0.38%
Veröffentlicht 21.08.2024 15:15:08
Zuletzt bearbeitet 23.08.2024 17:06:58
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

CKAN may leak Solr credentials via error message in package_search action

CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Okfn ≫ Ckan Version >= 2.0 < 2.10.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.293

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7

Patch

https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41674

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41674

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41674

EUVD