CVE-2023-50248

Published: Dic 13, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-3144 Aliases: GHSA-7fgc-89cx-w8j5

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0019

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

130

Improper Handling of Length Parameter Inconsistency

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Memory Modify Memory Varies By Context

Applicable Platforms

Languages: C, C++, Not Language-Specific

View CWE Details

Application

Ckan by Okfn

Product Information

Vendor Okfn

Product Ckan

Version Range Affected

From 2.0 (inclusive)

To 2.9.10 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Ckan by Okfn

Product Information

Vendor Okfn

Product Ckan

Version Range Affected

From 2.10.0 (inclusive)

To 2.10.3 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195…

Patch

https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be

https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-…

Vendor Advisory

https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5

https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195…

Patch

https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be

https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-…

Vendor Advisory

https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5

CVE-2023-50248

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Handling of Length Parameter Inconsistency

Common Consequences

Applicable Platforms

Ckan by Okfn

Product Information

Ckan by Okfn

Product Information

Iscriviti alla newsletter