WCM RnD created SOLR-15431:
------------------------------
Summary: Security vulnerability with Bouncy Castle library within
Apache Solr 8.8.2
Key: SOLR-15431
URL: https://issues.apache.org/jira/browse/SOLR-15431
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Affects Versions: 8.8.2
Reporter: WCM RnD
A high security vulnerability has been reported for the Bouncy Castle library
(*bcprov-jdk15on-1.65.jar*) that is bundled within Apache Solr 8.8.2.
h1. Vulnerability Details
h2. CVE-2020-26939
CVE-2020-28052
*Affected Component(s):* Bouncy Castle BC Java 1.65 and 1.66.
*Vulnerability Published:* Dec 17, 2020
*Vulnerability Updated:* Apr 6, 2021
*CVSS Score:* 8.1
*Summary*: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65
and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect
data when checking the password, allowing incorrect passwords to indicate they
were matching with previously hashed ones that were different.
The recommendation is to update to Bouncy Castle version 1.68.0.
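A defender's check for the bundled jar, as an added example that is not part of the original issue or of Solr: it walks a directory tree, including zip-based archives, for `bcprov-jdk15on-<version>.jar` and flags the 1.65 and 1.66 versions named in the report. The function names, the constructed sample tree and the "review" status for versions the report does not mention are assumptions of this example.

```python
import os
import re
import tempfile
import zipfile

# Affected and recommended versions, and the artifact name, as given in the report.
AFFECTED = {(1, 65), (1, 66)}
RECOMMENDED = (1, 68)
JAR_RE = re.compile(r"bcprov-jdk15on-(\d+)\.(\d+)(?:\.\d+)*\.jar$")

def classify(name):
    """Return (version, status) for a bcprov jar file name, or None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)))
    if version in AFFECTED:
        return version, "affected"
    # Assumption: versions the report does not mention are marked for manual review.
    return version, "ok" if version >= RECOMMENDED else "review"

def scan(root):
    """Walk root; report bcprov jars on disk and inside zip-based archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            hit = classify(fname)
            if hit:
                findings.append((path, *hit))
            elif fname.endswith((".war", ".zip", ".jar")) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for member in zf.namelist():
                        hit = classify(member)
                        if hit:
                            findings.append((f"{path}!{member}", *hit))
    return sorted(findings)

def demo():
    """Constructed sample tree: one loose 1.65 jar, one 1.68 jar inside a WAR."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        open(os.path.join(root, "lib", "bcprov-jdk15on-1.65.jar"), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
            zf.writestr("WEB-INF/lib/bcprov-jdk15on-1.68.jar", b"")
        return [(os.path.relpath(p, root), v, s) for p, v, s in scan(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

To check a real installation, call `scan()` with the installation directory; matching is by file name only, so a renamed or shaded copy of the library is not detected.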