CKAN Account Takeover Vulnerability via Unauthenticated User HTTP POST Request

CKAN Account Takeover Vulnerability via Unauthenticated User HTTP POST Request

CVE-2022-43685 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.

Learn more about our User Device Pen Test.