[Security-news] Search API Solr Search - Moderately critical - Access bypass - SA-CONTRIB-2018-065
security-news at drupal.org
security-news at drupal.org
Wed Oct 10 17:29:08 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-065
Project: Search API Solr Search [1]
Version: 7.x-1.13
Date: 2018-October-10
Security risk: *Moderately critical* 10∕25
AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass
Description:
This module provides support for creating searches using the Apache Solr
search engine and the Search API Drupal module.
The module doesn't sufficiently take the searched fulltext fields into
account when creating a search excerpt. This can, in specific cases, lead to
confidential data being leaked as part of the search excerpt.
Solution:
Install the latest version:
* If you use the Search API Solr Search module for Drupal 7.x, upgrade to
Search API Solr Search 7.x-1.14 [3]
Also see the Search API Solr Search [4] project page.
Reported By:
* Ronino [5]
Fixed By:
* Thomas Seidl [6]
* Markus Kalkbrenner [7]
* Ronino [8]
Coordinated By:
* Michael Hess [9] of the Drupal Security Team
* Greg Knaddison [10] of the Drupal Security Team
[1] https://www.drupal.org/project/search_api_solr
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/search_api_solr/releases/7.x-1.14
[4] https://www.drupal.org/project/search_api_solr
[5] https://www.drupal.org/user/645948
[6] https://www.drupal.org/user/205582
[7] https://www.drupal.org/user/124705
[8] https://www.drupal.org/user/645948
[9] https://www.drupal.org/u/mlhess
[10] https://www.drupal.org/u/greggles
More information about the Security-news
mailing list