GHSA-v6xp-ccvx-w52m: 
PHP vulnerability analysis and mitigation

A critical vulnerability was discovered in Ibexa's Solr search engine (GHSA-v6xp-ccvx-w52m) that could potentially expose Solr credentials. The vulnerability affects versions 4.5.0 through 4.5.4 of the ibexa/solr package. The issue was disclosed and patched on November 3, 2023, with version 4.5.4 containing the fix. This security flaw only impacts systems actively using the Solr search engine functionality (GitHub Advisory).

The vulnerability (CWE-200: Information Exposure) stems from an error in the way the search engine handles credential information in JSON responses. The issue was specifically related to the exposure of authentication credentials in the endpoint identifier implementation, as evidenced by the security patch that modified the credential handling in the Gateway/Endpoint.php file (Ibexa Commit).

The vulnerability could lead to the unauthorized disclosure of Solr credentials, potentially allowing attackers to gain access to the Solr search infrastructure. This exposure is classified as a critical security issue that affects all supported versions of the engine prior to the patch (GitHub Advisory).

The vulnerability has been patched in version 4.5.4 of ibexa/solr. No workarounds are available, and users are strongly advised to upgrade to the patched version immediately. The fix has been implemented across all supported versions of the software (GitHub Advisory).