Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Excessive permissions for ckan user
Vulnerability Description
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
CKAN 安全漏洞
Vulnerability Description
CKAN是一个开源 Dms(数据管理系统)。用于为数据中心和数据门户提供动力。 CKAN存在安全漏洞,该漏洞源于存在任意文件写入错误,会导致代码执行或权限提升
CVSS Information
N/A
Vulnerability Type
N/A