Ckan
CVE-2023-50248
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
AnalysisAI
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-130. CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. Affected products include: Okfn Ckan. Version information: version 2.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8
CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), t
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request.
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5),
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1),
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile pictur
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3),
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. Rate
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today