Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CKAN may leak Solr credentials via error message in package_search action
Vulnerability Description
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过错误消息导致的信息暴露
Vulnerability Title
CKAN 安全漏洞
Vulnerability Description
CKAN是CKAN开源的一个开源 DMS(数据管理系统)。用于为数据中心和数据门户提供动力。 CKAN存在安全漏洞,该漏洞源于如果Solr服务器出现连接问题,内部Solr URL会作为返回的错误消息的一部分泄露给package_search调用。
CVSS Information
N/A
Vulnerability Type
N/A