[
https://issues.apache.org/jira/browse/SOLR-15431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mayya Sharipova updated SOLR-15431:
-----------------------------------
Security: (was: Public)
> High Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2
> -------------------------------------------------------------------------------
>
> Key: SOLR-15431
> URL: https://issues.apache.org/jira/browse/SOLR-15431
> Project: Solr
> Issue Type: Bug
> Affects Versions: 8.8.2
> Reporter: WCM RnD
> Priority: Major
>
> A high security vulnerability has been reported for the Bouncy Castle library
> (*bcprov-jdk15on-1.65.jar*) that is bundled within Apache Solr 8.8.2.
> h1. Vulnerability Details
> h2. CVE-2020-26939
> CVE-2020-28052
> *Affected Component(s):* Bouncy Castle BC Java 1.65 and 1.66.
> *Vulnerability Published:* Dec 17, 2020
> *Vulnerability Updated:* Apr 6, 2021
> *CVSS Score:* 8.1
> *Summary*: An issue was discovered in Legion of the Bouncy Castle BC Java
> 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared
> incorrect data when checking the password, allowing incorrect passwords to
> indicate they were matching with previously hashed ones that were different.
>
> The recommendation is to update to Bouncy Castle version 1.68.0.