CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-22T00:00:00
Updated: 2024-08-03T13:40:06.176Z
Reserved: 2022-10-24T00:00:00
Link: CVE-2022-43685
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-22T01:15:38.730
Modified: 2024-11-21T07:27:02.353
Link: CVE-2022-43685
Redhat
No data.