Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ckan Security Vulnerabilities

cve
cve

CVE-2024-27097

A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade....

4.3CVSS

7AI Score

0.0004EPSS

2024-03-13 09:15 PM
12
cve
cve

CVE-2023-50248

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a...

6.5CVSS

7.3AI Score

0.0004EPSS

2023-12-13 09:15 PM
5
cve
cve

CVE-2023-32696

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user (equivalent to www-data) owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for...

8.8CVSS

9.1AI Score

0.001EPSS

2023-05-30 07:15 PM
24
cve
cve

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

9.8CVSS

10AI Score

0.002EPSS

2023-05-26 11:15 PM
62
cve
cve

CVE-2023-22746

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-03 10:15 PM
22
cve
cve

CVE-2022-43685

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser...

8.8CVSS

8.7AI Score

0.001EPSS

2022-11-22 01:15 AM
30
3
cve
cve

CVE-2021-25967

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious....

5.4CVSS

5AI Score

0.001EPSS

2021-12-01 02:15 PM
38