[
https://issues.apache.org/jira/browse/OFBIZ-12857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768081#comment-17768081
]
ASF subversion and git services commented on OFBIZ-12857:
---------------------------------------------------------
Commit d3a7775e11dd180e4478cf11cf8668785ce29871 in ofbiz-plugins's branch
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=d3a7775e1 ]
Fixed: Execution of queries without authentication (OFBIZ-12857)
The problem lies with the Solr Plugin for OFBiz.
It allows the execution of queries without authentication.
This fixes it and, because it's more general, also fixes the CVE-2022-47501
("Arbitrary file reading vulnerability in Solr") that has been handled by
OFBIZ-12792.
> Execution of queries without authentication
> -------------------------------------------
>
> Key: OFBIZ-12857
> URL: https://issues.apache.org/jira/browse/OFBIZ-12857
> Project: OFBiz
> Issue Type: Bug
> Components: solr
> Affects Versions: 22.01.01, 18.12.09
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> A security reporter who does not want to be named reported it to us.
> The problem lies with the Solr Plugin for OFBiz. It allows the execution of
> queries without authentication.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
