CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also reacha...

CVE-2023-32696

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user (equivalent to www-data) owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...