CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Affected are sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
History

Fri, 23 Aug 2024 17:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Okfn
                                      Okfn ckan
CPEs                                  cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*
Vendors & Products                    Okfn
                                      Okfn ckan

Thu, 22 Aug 2024 14:30:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 14:45:00 +0000

Type                 Values Removed   Values Added
Description                           CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Affected are sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
Title                                 CKAN has a Cross-site Scripting vector in the Datatables view plugin
Weaknesses                            CWE-79
References
Metrics                               cvssV3_1
                                      {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-21T14:34:31.424Z

Updated: 2024-08-22T13:35:13.240Z

Reserved: 2024-07-18T15:21:47.486Z

Link: CVE-2024-41675

Vulnrichment

Updated: 2024-08-22T13:35:09.168Z

NVD

Status: Analyzed

Published: 2024-08-21T15:15:08.963

Modified: 2024-08-23T17:07:28.247

Link: CVE-2024-41675

Redhat

No data.