CVE-2024-41674
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ckan | ckan | >= 2.0, < 2.10.5 | affected |
Weaknesses
- CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh
- https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.