CVE-2022-43685

Improper Authentication in pypi/ckan

Identifiers

CVE-2022-43685

Package Slug

pypi/ckan

Vulnerability

Improper Authentication

Description

CKAN through 2.9.6 allows account takeover by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.

Affected Versions

All versions before 2.8.12, all versions starting from 2.9.0 before 2.9.7

Solution

Upgrade to versions 2.8.12, 2.9.7 or above.

Last Modified

2022-11-24
