Search API Solr - Moderately critical - Access bypass - SA-CONTRIB-2018-065

Project:

Search API Solr

Date:

2018-October-10

Security risk:

Moderately critical 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon

Vulnerability:

Access bypass

Description:

This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module.

The module doesn't sufficiently take the searched fulltext fields into account when creating a search excerpt. This can, in specific cases, lead to confidential data being leaked as part of the search excerpt.

Solution:

Install the latest version:

If you use the Search API Solr Search module for Drupal 7.x, upgrade to Search API Solr Search 7.x-1.14

Also see the Search API Solr Search project page.

Reported By:

Ronino

Fixed By:

Coordinated By:

Michael Hess of the Drupal Security Team
Greg Knaddison of the Drupal Security Team

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter @drupalsecurity or Mastodon drupalsecurity@drupal.community.

Search API Solr - Moderately critical - Access bypass - SA-CONTRIB-2018-065

Contact and more information

Contributing organizations for this advisory

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community