2 matches found
CVE-2022-43685
CKAN up to v2.9.6 is affected: unauthenticated users can takeover an existing account (including superusers) by sending an existing user ID via HTTP POST. Root cause details are not explicitly provided in the documents. Remediation is available via CKAN patch releases; CKAN blog references patch ...
CVE-2022-43685
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts...