Posted to issues@solr.apache.org by "Mayya Sharipova (Jira)" <ji...@apache.org> on 2021/06/23 13:50:08 UTC

[jira] [Updated] (SOLR-15431) High Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2

     [ https://issues.apache.org/jira/browse/SOLR-15431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mayya Sharipova updated SOLR-15431:
-----------------------------------
    Security:     (was: Public)

> High Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2
> -------------------------------------------------------------------------------
>
>                 Key: SOLR-15431
>                 URL: https://issues.apache.org/jira/browse/SOLR-15431
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 8.8.2
>            Reporter: WCM RnD
>            Priority: Major
>
> A high security vulnerability has been reported for the Bouncy Castle library (*bcprov-jdk15on-1.65.jar*) that is bundled within Apache Solr 8.8.2.
> h1. Vulnerability Details
> h2. CVE-2020-26939
> CVE-2020-28052
> *Affected Component(s):* Bouncy Castle BC Java 1.65 and 1.66.
> *Vulnerability Published:* Dec 17, 2020
> *Vulnerability Updated:* Apr 6, 2021
> *CVSS Score:* 8.1
> *Summary*: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
>  
> The recommendation is to update to Bouncy Castle version 1.68.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
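
An added example, not part of the original message and not Solr or Bouncy Castle code: a Python check that walks an installation directory and reports bundled `bcprov` jars whose version is one of the releases the issue names as affected (1.65 and 1.66), including jars packed one level inside `.war`/`.jar`/`.zip` archives. The function names are hypothetical, and it assumes the jar still carries its Maven-style file name, so a renamed or shaded copy is not detected.

```python
import os
import re
import zipfile

# Affected releases as stated in the issue above; nothing else is flagged.
AFFECTED = {"1.65", "1.66"}
# Assumption: jars keep their Maven-style file name, e.g. bcprov-jdk15on-1.65.jar.
BCPROV = re.compile(r"^bcprov(?:-ext)?-jdk[0-9a-z]+-(\d+(?:\.\d+)*)\.jar$")
ARCHIVES = (".jar", ".war", ".zip")


def classify(filename):
    """Return (version, affected) for a bcprov jar name, or None for other files."""
    m = BCPROV.match(os.path.basename(filename))
    if not m:
        return None
    return m.group(1), m.group(1) in AFFECTED


def scan(root):
    """Walk root and list bcprov jars on disk and one level inside archives."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            hit = classify(name)
            if hit:
                findings.append((path, *hit))
                continue
            if not name.lower().endswith(ARCHIVES):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    for entry in zf.namelist():
                        hit = classify(entry)
                        if hit:
                            findings.append((path + "!" + entry, *hit))
            except (zipfile.BadZipFile, OSError):
                pass  # unreadable or not really an archive: skip it
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("AFFECTED" if affected else "ok      "), version, location)
```

Run it with the installation directory as the only argument; each line shows the status, the version parsed from the file name, and the location (`archive!entry` for nested jars).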
