PT-2024-29499 · Ckan · Ckan
Fuhuxia · Published 2024-08-21 · Updated 2024-08-23 · CVE-2024-41674
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
CKAN versions prior to 2.10.5
CKAN versions prior to 2.11.0
Description
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to callers of the package search API as part of the returned error message. The leak only surfaces while Solr is unreachable, and only exposes credentials if they are embedded in the configured Solr URL; the PR:N component of the vector reflects that package search is reachable by unauthenticated callers, and the impact is limited to confidentiality (VC:L).
Recommendations
For CKAN versions prior to 2.10.5, update to version 2.10.5 or later to resolve the issue.
For CKAN versions prior to 2.11.0, update to version 2.11.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the package search calls until the upgrade can be applied. Where the Solr URL in the CKAN configuration embeds credentials, rotate them after patching if the error message may already have been exposed.
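The pattern behind this advisory, shown as an added illustration that is not CKAN's own code: a search handler that copies a backend exception into the API error body, beside a hardened version that logs a credential-masked message server-side and returns a generic error to the caller. The Solr URL, the client function and the exception class are constructed stand-ins, and `response_leaks` is a hypothetical helper for checking an API response body for the backend URL or its credentials.

```python
import json
import logging
import re

log = logging.getLogger("ckan.search")

# Constructed sample value for the Solr URL a CKAN deployment might configure
# (solr_url in ckan.ini). Not a real host or credential.
SOLR_URL = "http://solr_user:s3cret@solr.internal:8983/solr/ckan"

# Matches the userinfo part of a URL ("user:pass@" right after "scheme://")
# so it can be masked wherever the URL is embedded in free text.
_USERINFO = re.compile(r"(?<=://)[^/@\s]+@")


class SolrConnectionError(Exception):
    """Hypothetical stand-in for the error a Solr client raises on connect failure."""


def solr_query(url, q):
    """Hypothetical Solr client call that always fails to connect.

    HTTP clients commonly embed the target URL in their exception text; when
    that URL carries credentials, the exception text becomes sensitive.
    """
    raise SolrConnectionError(f"Connection refused while connecting to {url} (q={q!r})")


def redact_credentials(text):
    """Mask 'user:password@' in any URL found inside text."""
    return _USERINFO.sub("[redacted]@", text)


def package_search_vulnerable(q):
    """Vulnerable pattern (CWE-209): raw exception text is returned to the caller."""
    try:
        return {"success": True, "result": solr_query(SOLR_URL, q)}
    except SolrConnectionError as e:
        return {"success": False, "error": {"message": str(e)}}


def package_search_fixed(q):
    """Hardened pattern: details go to the server log with credentials masked,
    and the API caller gets a generic message that names no internal host."""
    try:
        return {"success": True, "result": solr_query(SOLR_URL, q)}
    except SolrConnectionError as e:
        log.error("package_search failed: %s", redact_credentials(str(e)))
        return {"success": False, "error": {"message": "Search backend unavailable"}}


def response_leaks(response, solr_url):
    """Hypothetical check: does the JSON-serialised response contain the
    configured Solr URL or its 'user:pass@' userinfo?"""
    body = json.dumps(response)
    secrets = [solr_url]
    m = _USERINFO.search(solr_url)
    if m:
        secrets.append(m.group(0))
    return any(s in body for s in secrets)


if __name__ == "__main__":
    for handler in (package_search_vulnerable, package_search_fixed):
        resp = handler("ckan")
        print(handler.__name__, "leaks:", response_leaks(resp, SOLR_URL))
        print("  ", json.dumps(resp))
```

Against a live instance the same check applies to the JSON body of a package search call made while Solr is stopped. The masking belongs in the server log as well, since a URL with embedded credentials is just as sensitive in a log file as in an API response.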
Weakness Enumeration
CWE-209: Generation of Error Message Containing Sensitive Information
Related Identifiers
CVE-2024-41674
Affected Products
Ckan