Sitecore Connector Security Update

A security vulnerability has been identified in our Sitecore Connector plugin for that could allow code to access Sitecore content that would otherwise be inaccessible.

This security vulnerability affects only customers using the following Coveo connectors:

CES 7.0.6684– (May 2014) Coveo for Sitecore 3.0.381– (April 2014) If you use one of the above connectors, Coveo highly recommends that you upgrade the Coveo plugin on your Sitecore instance to ensure that the vulnerability is fixed for your website.

Note: This security vulnerability does not affect customers using the Web Pages Connector to index their Sitecore site.

Refer to the following applicable procedure to resolve the vulnerability:

Security Update for Coveo for Sitecore

Note: In the PDF, search for "Coveo for Sitecore Not Properly Replicating the Sitecore Permission Model".

Security Update for Sitecore Connector

OR

Security Update for Sitecore Legacy Connector

Note: In both PDFs, search for "Security Update for Sitecore and Sitecore Legacy Connectors".

For help installing updates, contact Coveo Support.

Ask your questions on connect.coveo.com.

People who viewed this topic also viewed

Community

Product DocsMenu

Sitecore Connector Security Update