[CKAN-Security] ckan 2.7.2 vulnerability issues
Michael Beilin
michaelb at cio.gov.il
Mon May 7 15:22:56 UTC 2018
Hi,
We are using a CKAN 2.7.2 instance in our organization, and some vulnerability issues were found by our application security team.
We can't deploy to production env without solving this.
Can you please confirm or refute the following problems?
Regards
1. Connection String Injection
Severity High
Method _get_config at line 185 of /ckan-small/default/src/ckan/ckan/lib/cli.py gets user input from the get
element. This element's value flows through the code without being properly sanitized or validated, and is
eventually used in a connection string in rebuild_fast at line 603 of /ckan-small/default/src/ckan/ckan/lib/cli.py.
This may enable a Connection String Injection attack.
Source: File /ckan-small/default/src/ckan/ckan/lib/cli.py, Line 192, Object get
Destination: File /ckan-small/default/src/ckan/ckan/lib/cli.py, Line 609, Object engine
Code Snippet
File Name /ckan-small/default/src/ckan/ckan/lib/cli.py
Method def _get_config(config=None):
....
192. filename = os.environ.get('CKAN_INI')
File Name /ckan-small/default/src/ckan/ckan/lib/cli.py
Method def rebuild_fast(self):
....
609. engine = sa.create_engine(db_url)
2. Cross Site History Manipulation
Severity Medium
Method job_listener at line 172 of /ckan-small/default/lib/python2.7/site-packages/ckanserviceprovider/web.py
may leak server-side conditional values, enabling user tracking from another website. This may constitute a
Privacy Violation.
Source: File /ckan-small/default/lib/python2.7/site-packages/ckanserviceprovider/web.py, Line 195, Object if
Destination: File /ckan-small/default/lib/python2.7/site-packages/ckanserviceprovider/web.py, Line 195, Object if
Code Snippet
File Name /ckan-small/default/lib/python2.7/site-packages/ckanserviceprovider/web.py
Method def job_listener(event):
....
195. if "_TEST_CALLBACK_URL" in app.config:
3. Cross Site History Manipulation
Severity Medium
Method redirect_to at line 135 of /ckan-small/default/src/ckan/build/lib.linux-x86_64-2.7/ckan/lib/helpers.py
may leak server-side conditional values, enabling user tracking from another website. This may constitute a
Privacy Violation.
Source: File /ckan-small/default/src/ckan/build/lib.linux-x86_64-2.7/ckan/lib/helpers.py, Line 184, Object if
Destination: File /ckan-small/default/src/ckan/build/lib.linux-x86_64-2.7/ckan/lib/helpers.py, Line 184, Object if
Code Snippet
File Name /ckan-small/default/src/ckan/build/lib.linux-x86_64-2.7/ckan/lib/helpers.py
Method def redirect_to(*args, **kw):
....
184. if is_flask_request():