Skip to main content

Ckan

10 CVEs product

Monthly

CVE-2024-43371 PyPI MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41675 PyPI MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckan
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41674 PyPI MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckan
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27097 PyPI MEDIUM PATCH This Month

A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ckan
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-50248 PyPI MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32696 HIGH PATCH This Week

CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE Docker Ckan
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32321 PyPI CRITICAL PATCH Act Now

CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ckan
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-22746 HIGH PATCH This Week

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Ckan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43685 PyPI HIGH PATCH This Week

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ckan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25967 PyPI MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ckan
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckan
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckan
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ckan
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ckan
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE Docker +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ckan
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Ckan
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ckan
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Ckan
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy