CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-22T00:00:00

Updated: 2024-08-03T13:40:06.176Z

Reserved: 2022-10-24T00:00:00

Link: CVE-2022-43685

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-22T01:15:38.730

Modified: 2024-11-21T07:27:02.353

Link: CVE-2022-43685

cve-icon Redhat

No data.