Lucene search

Veracode Vulnerability DatabaseVERACODE:44698

HistoryDec 15, 2023 - 2:06 p.m.

Denial Of Service (DoS)

2023-12-1514:06:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ckan

denial of service

vulnerability

auth cookie

validation

out-of-memory error

hosting server

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

13.3%

JSON

ckan is vulnerable to Denial of Service (DoS). The vulnerability exists because it does not properly validate the auth cookie in _init__.py which allows an attacker to create an out-of-memory error in the hosting server.

References

github.com/advisories/GHSA-7fgc-89cx-w8j5

github.com/ckan/ckan/commit/04f9fb9189439055ea3b5332c031ff2b5eba443d

github.com/ckan/ckan/commit/2af36d8ea3f76cca1ccf9d30ce54f8ab31abae7a

github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be

github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

13.3%

JSON

Related for VERACODE:44698