CKAN up to and including 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
okfn ckan |