Published: Nov 22, 2022
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 8.8
Description
CKAN contains Improper Authentication leading to account takeover
CKAN through 2.9.6 allows account takeover by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
Packages
Name: ckan (pip)
Affected versions: < 2.9.7
Fixed version: 2.9.7
Related vulnerabilities
CVSS3: 8.8
nvd
about 3 years ago
CKAN through 2.9.6 allows account takeover by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.