CKAN · CKAN · CVE-2024-41674
**Name of the Vulnerable Software and Affected Versions**
CKAN versions prior to 2.10.5
CKAN versions prior to 2.11.0
**Description**
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to callers of `package_search` as part of the returned error message.
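The leak described above is an instance of a common pattern: a backend client's exception text, which embeds the connection URL, is copied into the API error returned to the caller. The Python example below is added for illustration and is not CKAN's code or its patch; the function names, `SearchError`, and the sample error string are constructed assumptions.

```python
import logging
import re

log = logging.getLogger("search")

# Constructed sample: the kind of message an HTTP client raises on a
# connection failure, with the internal URL (and credentials) embedded.
SAMPLE_ERROR = (
    "Failed to connect to server at "
    "http://ckan_user:s3cret@solr.internal.example:8983/solr/ckan/select?q=*:*: "
    "Connection refused"
)

# Matches scheme://... up to the next whitespace or quote character.
URL_RE = re.compile(r"\b([a-z][a-z0-9+.-]*)://[^\s'\"<>]+", re.IGNORECASE)


class SearchError(Exception):
    """Hypothetical error type whose message is returned to API callers."""


def redact_urls(message: str) -> str:
    """Replace every URL in the message with scheme://[redacted]."""
    return URL_RE.sub(r"\1://[redacted]", message)


def query_backend_vulnerable(run_query):
    """Leaky pattern: the backend exception text reaches the caller."""
    try:
        return run_query()
    except ConnectionError as e:
        raise SearchError(f"Search error: {e}")


def query_backend_hardened(run_query):
    """Log a redacted detail server-side; give the caller a generic message."""
    try:
        return run_query()
    except ConnectionError as e:
        log.error("Search backend unreachable: %s", redact_urls(str(e)))
        # 'from None' drops the chained exception so its text is not rendered.
        raise SearchError("Search backend is unavailable") from None


def failing_query():
    """Constructed stand-in for a search call made while the backend is down."""
    raise ConnectionError(SAMPLE_ERROR)
```

The same `redact_urls` check can be run over existing API responses or logs to spot messages that still carry a backend URL.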
**Recommendations**
For CKAN versions prior to 2.10.5, update to version 2.10.5 or later to resolve the issue.
For CKAN versions prior to 2.11.0, update to version 2.11.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to `package_search` calls until a patch is available.