CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50248 – CKAN out of memory error when submitting the dataset form with a specially-crafted field
https://notcve.org/view.php?id=CVE-2023-50248
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. CKAN es un sistema de gestión de datos de código abierto para impulsar centros y portales de datos. • https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32696 – Excessive permissions for ckan user
https://notcve.org/view.php?id=CVE-2023-32696
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. • https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32321 – CKAN remote code execution and private information access via crafted resource ids
https://notcve.org/view.php?id=CVE-2023-32321
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. • https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22746 – CKAN is vulnerable to session secret shared across instances using Docker images
https://notcve.org/view.php?id=CVE-2023-22746
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. • https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x • CWE-330: Use of Insufficiently Random Values CWE-344: Use of Invariant Value in Dynamically Changing Context •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43685
https://notcve.org/view.php?id=CVE-2022-43685
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. CKAN hasta 2.9.6 toma de control de cuentas por parte de usuarios no autenticados cuando se envía una identificación de usuario existente a través de una solicitud HTTP POST. Esto permite a un usuario hacerse cargo de una cuenta existente, incluidas las cuentas de superusuario. • https://ckan.org https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022 •