CNNVD-202510-3963 Information

CNNVD ID

CNNVD-202510-3963

Related CVE

CVE-2025-64100

• CNNVD Published: 2025-10-29

Description (Chinese)

CKAN是CKAN开源的一个开源 DMS（数据管理系统）。用于为数据中心和数据门户提供动力。 CKAN 2.10.9之前版本和2.11.4之前版本存在授权问题漏洞，该漏洞源于攻击者可固定会话ID，可能导致会话劫持。

Description (English)

CKAN is an open source of CKAN open source DMS (data management system). Used to power data centres and data portals. CKAN 2.10.9 has a mandate gap before and before 2.11.4, which arises from the fact that the assailant can fix a conversation with ID, which may lead to a conversational hijacking.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

CKAN

Published

2025-10-29

Last Modified

2026-02-24

References

https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5 https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q https://access.redhat.com/security/cve/cve-2025-64100

Patch

https://github.com/ckan/ckan/releases