[
https://issues.apache.org/jira/browse/OFBIZ-12857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768079#comment-17768079
]
ASF subversion and git services commented on OFBIZ-12857:
---------------------------------------------------------
Commit 998bf510a9e22fab3f8a54e6fa82cab0283ba712 in ofbiz-plugins's branch
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=998bf510a ]
Fixed: Execution of queries without authentication (OFBIZ-12857)
The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.
This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.
Conflicts handled by hand
> Execution of queries without authentication
> -------------------------------------------
>
> Key: OFBIZ-12857
> URL: https://issues.apache.org/jira/browse/OFBIZ-12857
> Project: OFBiz
> Issue Type: Bug
> Components: solr
> Affects Versions: 22.01.01, 18.12.09
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> A security reporter who does not want to be named reported it to us.
> The problem lies with the Solr Plugin for OFBiz. It allows the execution of
> queries without authentication.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
