CVE-2024-41675 MEDIUM

CVE-2024-41675: CKAN has a Cross-site Scripting vector in the Datatables view plugin

Vendor Ckan
Product ckan
Weakness CWE-79 · XSS
Published August 21, 2024
Last update August 22, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated are affected. The plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
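An exposure check built from the conditions stated above (CKAN >= 2.7.0, below the fixed 2.10.5 release, with datatables_view activated). This is an added example, not CKAN project code; the function names and the sample ini are constructed, and it assumes the plugin list is set through `ckan.plugins` under `[app:main]` and that the operator supplies the installed version string.

```python
import configparser
import re

FIRST_AFFECTED = (2, 7, 0)   # "CKAN >= 2.7.0" per the advisory
FIRST_FIXED = (2, 10, 5)     # 2.10.5 and 2.11.0 carry the fix

# Constructed sample config; the plugin list continues on an indented line.
SAMPLE_INI = """\
[app:main]
use = egg:ckan
ckan.site_url = https://data.example.org
ckan.plugins = stats text_view
    datatables_view datastore
"""

def parse_version(text):
    """Return (major, minor, patch); any pre-release suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def plugin_enabled(ini_text, plugin="datatables_view"):
    """True if the plugin is listed as a whole token in ckan.plugins."""
    # interpolation=None: CKAN ini files may contain %(here)s placeholders.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    plugins = cp.get("app:main", "ckan.plugins", fallback="")
    return plugin in plugins.split()

def is_exposed(version, ini_text):
    """Affected version range AND plugin activated, as the advisory states."""
    v = parse_version(version)
    in_range = FIRST_AFFECTED <= v < FIRST_FIXED
    return in_range and plugin_enabled(ini_text)

if __name__ == "__main__":
    for ver in ("2.6.9", "2.9.11", "2.10.4", "2.10.5", "2.11.0"):
        print(ver, "exposed" if is_exposed(ver, SAMPLE_INI) else "not exposed")
```
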

Key dates

02 Disclosure timeline

August 21, 2024 CVE published
August 22, 2024 Record updated