HIGH🇬🇧 English

CVE-2026-42031

CVSS 8.3v4.0pub. 2026-05-13upd. 2026-05-15

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Okfn Ckan

    APP
    Okfn
    < 2.10.102.11.0 – 2.11.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-32321CRITICAL9.8ten sam produkt

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilitie...

CVE-2023-32696HIGH8.8ten sam produkt

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9...

CVE-2023-22746HIGH8.6ten sam produkt

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a n...

CVE-2022-43685HIGH8.8ten sam produkt

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POS...

CVE-2026-41132MEDIUM6.6ten sam produkt

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 ...

CVE-2026-42031 — HIGH 8.3 | CVEbaza.pl