CVE-2022-43685
Published 2022-11-22
Priority: P350; severity: high; CVSS 3.1 base score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.7th percentile)
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckan | ckan | >= 0 < 2.9.7 | 2.9.7 |
| okfn | ckan | < 2.8.12 | 2.8.12 |
| okfn | ckan | >= 2.9.0 < 2.9.7 | 2.9.7 |
Sources
- GHSA (2022-11-22): "CKAN contains Improper Authentication leading to account takeover", CVE-2022-43685, severity HIGH, CWE-287 (Improper Authentication).
- OSV (2022-11-22): "CKAN contains Improper Authentication leading to account takeover", CVE-2022-43685, severity HIGH.
- OSV (2022-11-22): "CVE-2022-43685: CKAN through 2", CVE-2022-43685.
Each of the three source records carries the same description as the one given above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.