CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HOkfn Ckan
APPOkfn< 2.8.122.9.0 – 2.9.7 (bez)
Powiązane podatności
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilitie...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 ...
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a n...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 ...