Ckan
CVE-2024-41674
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
AnalysisAI
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-209. CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0. Affected products include: Okfn Ckan.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8
CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), t
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request.
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5),
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5),
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1),
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile pictur
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. Rate
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today