Lucene search
Veracode Vulnerability DatabaseVERACODE:38183HistoryNov 23, 2022 - 7:39 a.m.
Arbitrary Code Execution
2022-11-2307:39:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
ckan
arbitrary code execution
user_create
create.py
vulnerability
attacker
account
malicious code
validation
software
EPSS
0.001
Percentile
42.8%
ckan is vulnerable to arbitrary code execution. The vulnerability exists in user_create function in create.py because the existing user id not properly validated which allows an attacker to take over an existing account and execute malicious code into the system.
References
ckan.org/
ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
docs.ckan.org/en/2.9/changelog.html#v-2-9-7-2022-10-26
docs.ckan.org/en/2.9/changelog.html#v-2-9-7-2022-10-26
github.com/advisories/GHSA-m2xp-jxfg-qq6g
github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
Related
cvelist
cvelist
CVE-2022-43685
2022-11-22 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-11-22 01:15:00
osv
osv
PYSEC-2022-42987
2022-11-22 01:15:00
CKAN contains Improper Authentication leading to account takeover
2022-11-22 03:30:56
CVE-2022-43685
2022-11-22 01:15:38
github
github
CKAN contains Improper Authentication leading to account takeover
2022-11-22 03:30:56
cve
cve
CVE-2022-43685
2022-11-22 01:15:38
nvd
nvd
CVE-2022-43685
2022-11-22 01:15:38