Improper Authorization Affecting ckan package, versions [,2.9.9) [2.10.0, 2.10.1)
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-CKAN-6226649
- published 2 Feb 2024
- disclosed 1 Feb 2024
- credit Unknown
Introduced: 1 Feb 2024
CVE-2023-32696 Open this link in a new tabHow to fix?
Upgrade ckan to version 2.9.9, 2.10.1 or higher.
Overview
ckan is a world’s leading Open Source data portal platform.
It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations.
It makes easy to publish, share and find data online and is fully customizable via extensions and plugins.
Affected versions of this package are vulnerable to Improper Authorization such that the ckan user (equivalent to www-data) owns code and configuration files in the docker container and has the permissions to use sudo.
These issues allow an attacker to perform code execution or privilege escalation if an arbitrary file write bug was available.