CVE-2022-43685
pypi/ckan
Improper Authentication
CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
All versions before 2.8.12, all versions starting from 2.9.0 before 2.9.7
Upgrade to versions 2.8.12, 2.9.7 or above.
2022-11-24