Credential Exposure Affecting github.com/apache/solr-operator/controllers/util package, versions <0.8.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMAPACHESOLROPERATORCONTROLLERSUTIL-6810407
- published 8 May 2024
- disclosed 28 Apr 2024
- credit Flip Hess
How to fix?
Upgrade github.com/apache/solr-operator/controllers/util
to version 0.8.1 or higher.
Overview
Affected versions of this package are vulnerable to Credential Exposure due to using "command-based" liveness and readiness probes in some circumstances. When auth is enabled and required on the probe endpoints, these command-based probes rely on the special JAVA_TOOL_OPTIONS
env-var to tunnel the requisite settings and authentication credentials down through the {{bin/solr api}}
invocation. This could lead to a basic authentication credentials leakage.
References
CVSS Scores
version 3.1