Lucene search

4 matches found

CVE
added 2023/05/26 11:15 p.m., 99 views

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also reacha...

CVSS: 9.8, AI score: 10, EPSS: 0.0281

CVE
added 2023/05/30 7:15 p.m., 50 views

CVE-2023-32696

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user (equivalent to www-data) owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

CVSS: 8.8, AI score: 9.1, EPSS: 0.0021

CVE
added 2023/02/03 10:15 p.m., 41 views

CVE-2023-22746

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

CVSS: 8.6, AI score: 7.9, EPSS: 0.00075

CVE
added 2023/12/13 9:15 p.m., 36 views

CVE-2023-50248

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-craft...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00189