4 matches found
EUVD-2024-2468
Malicious code in bioql PyPI...
CVE-2024-41675 CKAN has a Cross-site Scripting vector in the Datatables view plugin
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...
CVE-2023-32696
CVE-2023-32696 affects CKAN where, prior to versions 2.9.9 and 2.10.1, the ckan user (www-data) owned code/files inside the Docker container and could use sudo. This permission set could enable code execution or privilege escalation if an arbitrary file write bug existed. The vulnerability has pa...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...