CVE-2023-32321
- EPSS 1.68%
- Published 26.05.2023 23:15:18
- Last modified 21.11.2024 08:03:06
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` ac...
CVE-2023-22746
- EPSS 0.69%
- Published 03.02.2023 22:15:11
- Last modified 21.11.2024 07:45:20
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom...
CVE-2022-43685
- EPSS 0.68%
- Published 22.11.2022 01:15:38
- Last modified 29.04.2025 05:15:45
CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
CVE-2021-25967
- EPSS 0.49%
- Published 01.12.2021 14:15:07
- Last modified 21.11.2024 05:55:41
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in...