CVE-2023-22746 - Vulnerability Details - OpenCVE

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Okfn	Ckan

Configuration 1 [-]

OR	cpe:2.3:a:okfn:ckan::::::::
	cpe:2.3:a:okfn:ckan::::::::

No data.

References

Link	Providers
https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x

History

Mon, 10 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-03T21:07:11.551Z

Updated: 2025-03-10T21:16:37.925Z

Reserved: 2023-01-06T14:21:05.894Z

Link: CVE-2023-22746

Vulnrichment

Updated: 2024-08-02T10:20:30.220Z

NVD

Status : Modified

Published: 2023-02-03T22:15:11.733

Modified: 2024-11-21T07:45:20.677

Link: CVE-2023-22746

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22746", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-01-06T14:21:05.894Z", "datePublished": "2023-02-03T21:07:11.551Z", "dateUpdated": "2025-03-10T21:16:37.925Z"}, "containers": {"cna": {"title": "CKAN is vulnerable to session secret shared across instances using Docker images", "problemTypes": [{"descriptions": [{"cweId": "CWE-344", "lang": "en", "description": "CWE-344: Use of Invariant Value in Dynamically Changing Context", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-330", "lang": "en", "description": "CWE-330: Use of Insufficiently Random Values", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"}, {"name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "tags": ["x_refsource_MISC"], "url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"}, {"name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "tags": ["x_refsource_MISC"], "url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"}], "affected": [{"vendor": "ckan", "product": "ckan", "versions": [{"version": ">= 2.9.0, < 2.9.7", "status": "affected"}, {"version": "< 2.8.12", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-03T21:07:11.551Z"}, "descriptions": [{"lang": "en", "value": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)\nkeitaroinc/docker-ckan (keitaro/ckan images).\n"}], "source": {"advisory": "GHSA-pr8j-v4c8-h62x", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:30.220Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"}, {"name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"}, {"name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T20:59:04.838038Z", "id": "CVE-2023-22746", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:16:37.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:30.220Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T20:59:04.838038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T20:59:06.664Z"}}], "cna": {"title": "CKAN is vulnerable to session secret shared across instances using Docker images", "source": {"advisory": "GHSA-pr8j-v4c8-h62x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ckan", "product": "ckan", "versions": [{"status": "affected", "version": ">= 2.9.0, < 2.9.7"}, {"status": "affected", "version": "< 2.8.12"}]}], "references": [{"url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)\nkeitaroinc/docker-ckan (keitaro/ckan images).\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-344", "description": "CWE-344: Use of Invariant Value in Dynamically Changing Context"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-03T21:07:11.551Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22746", "state": "PUBLISHED", "dateUpdated": "2025-03-10T21:16:37.925Z", "dateReserved": "2023-01-06T14:21:05.894Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-02-03T21:07:11.551Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*", "matchCriteriaId": "94E736ED-CD0F-4634-B739-AEF507A62808", "versionEndExcluding": "2.8.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*", "matchCriteriaId": "3960F8B4-0768-4C32-855E-D62384B25511", "versionEndExcluding": "2.9.7", "versionStartIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)\nkeitaroinc/docker-ckan (keitaro/ckan images).\n"}], "id": "CVE-2023-22746", "lastModified": "2024-11-21T07:45:20.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-03T22:15:11.733", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}, {"lang": "en", "value": "CWE-344"}], "source": "security-advisories@github.com", "type": "Secondary"}]}