Information disclosure and Resource overwrite vulnerability in CKAN #7657
Gauravp-NEC
started this conversation in
General
Replies: 2 comments
-
@amercader @YoloClin,
Could you please let us know how we can verify the vulnerabilities of CVE-2023-32321?
-
@amercader, can you please answer this discussion? Thank you :)
-
@amercader @YoloClin, With reference to CVE-2023-32321.
I tried to verify the below two sub vulnerabilities on CKAN v2.9.9:
To verify the above-mentioned sub vulnerabilities I have performed the below steps:
Current Result: The user2 is able to access and edit the dataset resource (Resource) created by user1.
Expected Result: The user2 should not be able to access and edit the dataset resource (Resource1) created by user1 as the vulnerability (CVE-2023-32321) has been fixed in v2.9.9 or 2.10.1.
Can you please tell how we can verify the two sub vulnerabilities (Information disclosure and Resource overwrite)? Thanks