Security advisory: IBEXA-SA-2023-005

Vulnerabilities in Solr search and file downloads
Publication date:
03/11/2023, 13:31


Affected versions: Ibexa DXP v4.5.*, Ibexa DXP v3.3.*, eZ Platform v2.5.*
Resolving versions: Ibexa DXP v4.5.4, Ibexa DXP v3.3.36, eZ Platform v2.5.32

This security advisory concerns two fixes released together, one of which is of critical severity. We strongly recommend applying the fixes as soon as possible if you are affected.

Solr search response can reveal Solr credentials

An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected.
Ibexa DXP v4.5: ibexa/solr v4.5.4
Ibexa DXP v3.3: ezsystems/ezplatform-solr-search-engine v3.3.15
eZ Platform v2.5: ezsystems/ezplatform-solr-search-engine v2.0.2
eZ Platform v2.5: ezsystems/ezplatform-solr-search-engine v1.7.12

Download route allows filename change

The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and confusion, and possibly other harm. As such it is a low severity vulnerability. It affects all supported versions of Ibexa DXP and eZ Platform.
Ibexa DXP v4.5: ibexa/core v4.5.4
Ibexa DXP v3.3: ezsystems/ezplatform-kernel v1.3.34
eZ Platform v2.5: ezsystems/ezpublish-kernel v7.5.31

Have you found a security bug in Ibexa DXP? See how to report it responsibly here:

All security advisories