CVE-2022-43685: Improper Authentication

November 22, 2022 (updated August 8, 2023)

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.

References

ckan.org/
ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
nvd.nist.gov/vuln/detail/CVE-2022-43685

Detect and mitigate CVE-2022-43685 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →