CKAN
cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*
- < 2.11.1
A vulnerability in CKAN versions prior to 2.11.1 allows registered users to upload files containing code that runs when the file is opened and can then send arbitrary requests to the server. If an administrator opens such a file, it could escalate the privileges of the original uploader or cause other malicious effects. The root cause is insufficient validation of uploaded files, in particular files whose content can be executed as code.
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access within the CKAN application.
Users can upgrade to CKAN versions 2.10.7 or 2.11.2, where this vulnerability has been fixed. For versions prior to 2.10.7 and 2.11.2, site maintainers can restrict upload file types using the 'ckan.upload.user.mimetypes' and 'ckan.upload.user.types' options, or the 'ckan.upload.group.mimetypes' and 'ckan.upload.group.types' options. To completely disable file uploads, set 'ckan.upload.user.types' to 'none'.
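As an added illustration of the mitigation above (not CKAN's own code), the following upload gate models the two allow-lists the advisory names, `ckan.upload.user.types` and `ckan.upload.user.mimetypes`, and additionally sniffs the file's leading bytes so that a file whose declared MIME type or extension merely claims to be an image is still rejected. Assumptions not taken from the advisory: option values are space-separated lists, a "type" is the major part of a MIME type (e.g. `image`), and the magic-byte table is constructed for the demo.

```python
import mimetypes

# Constructed magic-byte table (assumption, not CKAN's): leading bytes -> MIME type.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\xff\xd8\xff": "image/jpeg",
}


def parse_option(value):
    """Turn an option value into a set of allowed entries; 'none' allows nothing."""
    items = value.split()
    if not items or items == ["none"]:
        return set()
    return set(items)


def sniff_mimetype(data):
    """Return the MIME type implied by the file's leading bytes, or None if unknown."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def is_upload_allowed(filename, declared_mime, data, types_opt, mimetypes_opt):
    """Accept an upload only if the extension, the declared MIME type and the
    actual content all agree on one type that both allow-lists permit.
    A body that is really HTML or SVG but is named or declared as an image
    fails the content sniff and is rejected."""
    allowed_types = parse_option(types_opt)
    allowed_mimes = parse_option(mimetypes_opt)
    if not allowed_types or not allowed_mimes:  # 'none' disables uploads entirely
        return False
    guessed, _ = mimetypes.guess_type(filename)
    sniffed = sniff_mimetype(data)
    if guessed is None or sniffed is None:
        return False
    # Every view of the file (name, header, bytes) must land on the same type.
    if not (guessed == declared_mime == sniffed):
        return False
    return sniffed in allowed_mimes and sniffed.split("/")[0] in allowed_types
```

Constructed inputs: a genuine PNG header passes, while HTML bytes named `avatar.png`, an SVG document, or a configuration of `none` are all rejected.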