CVE-2022-43685 – ckan
Package
Manager: pip
Name: ckan
Vulnerable Version: >=0 <2.9.7
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00267 pctl0.49982
Details
CKAN contains an improper authentication flaw (CWE-287) leading to account takeover. CKAN through 2.9.6 allows account takeover by unauthenticated users when an existing user id is sent via an HTTP POST request; the attacker can take over any existing account, including superuser (sysadmin) accounts. Fixed in 2.9.7 (the vulnerable range above is every release below 2.9.7). Note that the CVSS vectors above score the precondition as PR:L while the description says unauthenticated; when triaging, treat the unauthenticated case described here as the worst case.
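The bug class the Details paragraph describes, as an added illustration that is not part of this advisory and not CKAN's own implementation (the handler names, the in-memory store, the toy password hashing and the sample sysadmin account are all assumptions): a user-creation handler that honours a client-supplied id and so silently turns "create" into "overwrite" of an existing account, beside a hardened version that refuses caller-chosen ids on create and treats any collision as a hard error rather than an update.

```python
# Added illustration of the advisory's bug class (client-supplied id on a
# "create" endpoint turning into an overwrite of an existing account).
# Constructed, hypothetical code: it is NOT CKAN's implementation.
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    id: str
    name: str
    password_hash: str
    sysadmin: bool = False


def hash_password(password: str) -> str:
    # Toy digest so the example is self-contained; real code uses a slow,
    # salted password hash (argon2, bcrypt, scrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def seeded_store() -> dict:
    # Constructed sample data: one pre-existing sysadmin account.
    admin = User(id="admin-0001", name="admin",
                 password_hash=hash_password("correct horse battery staple"),
                 sysadmin=True)
    return {admin.id: admin}


class Conflict(Exception):
    """Raised when a create request collides with an existing record."""


def vulnerable_user_create(store: dict, posted: dict) -> User:
    # Bug pattern: the handler trusts an `id` from the POST body and falls
    # through to an update when that id already exists, so an anonymous
    # caller who knows (or guesses) a user id rewrites that user's password.
    uid = posted.get("id") or secrets.token_hex(8)
    existing = store.get(uid)
    if existing is None:
        user = User(id=uid, name=posted["name"],
                    password_hash=hash_password(posted["password"]))
    else:
        # "Create" silently becomes "overwrite": the sysadmin flag is kept,
        # but name and password now belong to the attacker.
        existing.name = posted["name"]
        existing.password_hash = hash_password(posted["password"])
        user = existing
    store[uid] = user
    return user


def hardened_user_create(store: dict, posted: dict) -> User:
    # Fix pattern: create never honours a caller-chosen id, the server
    # generates one, and any collision (id or name) is a hard error rather
    # than an update. Changing an account is a separate, authorized action.
    if "id" in posted:
        raise ValueError("id must not be supplied on create")
    if any(u.name == posted["name"] for u in store.values()):
        raise Conflict(f"user name already taken: {posted['name']}")
    uid = secrets.token_hex(8)
    if uid in store:  # practically impossible, but never fall through to update
        raise Conflict(f"id collision: {uid}")
    user = User(id=uid, name=posted["name"],
                password_hash=hash_password(posted["password"]))
    store[uid] = user
    return user


def login(store: dict, name: str, password: str) -> Optional[User]:
    # Password check used to show whether the takeover succeeded.
    digest = hash_password(password)
    for user in store.values():
        if user.name == name and secrets.compare_digest(user.password_hash, digest):
            return user
    return None


def takeover_succeeds(create) -> bool:
    # Runs the constructed attack against a given create handler:
    # a POST carrying the victim's existing id and an attacker-chosen password.
    store = seeded_store()
    attacker_post = {"id": "admin-0001", "name": "admin", "password": "pwned"}
    try:
        create(store, attacker_post)
    except (ValueError, Conflict):
        return False
    who = login(store, "admin", "pwned")
    return who is not None and who.sysadmin


if __name__ == "__main__":
    print("vulnerable handler:", takeover_succeeds(vulnerable_user_create))  # True
    print("hardened handler:  ", takeover_succeeds(hardened_user_create))    # False
```

The defensive point is the second handler's shape: a create action should either ignore or reject an id from the request body, and the "record already exists" branch must be an error, never an implicit update, because the update path carries the authorization check the create path lacks.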
Metadata
Created: 2022-11-22T03:30:56Z
Modified: 2025-04-29T13:14:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-m2xp-jxfg-qq6g/GHSA-m2xp-jxfg-qq6g.json
CWE IDs: ["CWE-287", "CWE-862"]
Alternative ID: GHSA-m2xp-jxfg-qq6g
Finding: F039
Auto approve: 1