High severityNVD Advisory· Published Nov 22, 2022· Updated Apr 29, 2025
CVE-2022-43685
CVE-2022-43685
Description
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ckanPyPI | < 2.9.7 | 2.9.7 |
Affected products
2Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.