CKAN
cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*
- <= 2.11.4
An authorization bypass vulnerability has been identified in CKAN, an open-source data management system, in versions prior to 2.10.10 and 2.11.5. The issue resides in the 'datastore_search_sql' function, where attackers could exploit the vulnerability to access private resources and PostgreSQL system information without proper authorization. This vulnerability has been patched in CKAN versions 2.10.10 and 2.11.5.
Exploitation of this vulnerability allowed unauthorized access to private resources and PostgreSQL system information.
Users can upgrade to CKAN version 2.10.10 or 2.11.5 to address this vulnerability. Alternatively, the DataStore SQL search feature can be disabled by setting 'ckan.datastore.sqlsearch.enabled' to 'false', although this feature is disabled by default.
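To audit a deployment against the two conditions this advisory sets out (an affected CKAN version and the DataStore SQL search feature being enabled), the following helper is an added example, not code from CKAN or from this advisory. It assumes a standard ckan.ini with the setting under the [app:main] section, treats a missing setting as false (the documented default), and takes the installed version as a plain string.

```python
"""Audit helper for the CKAN datastore_search_sql authorization bypass.

Reports whether a deployment runs an affected version and whether the
only workaround (ckan.datastore.sqlsearch.enabled = false) is in place.
"""
import configparser
import re
from typing import Tuple

# First patched release on each branch named by the advisory.
FIXED = {"2.10": (2, 10, 10), "2.11": (2, 11, 5)}

# Constructed sample ckan.ini with the weak setting turned on.
SAMPLE_INI = """
[app:main]
use = egg:ckan
ckan.site_url = http://localhost:5000
ckan.datastore.sqlsearch.enabled = true
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.11.4' -> (2, 11, 4); pre-release suffixes such as 'a1' are dropped."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def version_is_vulnerable(version: str) -> bool:
    v = parse_version(version)
    if v[:2] == (2, 11):
        return v < FIXED["2.11"]
    # 2.10.x and every older branch: patched only from 2.10.10 onward;
    # newer branches (2.12+) compare above 2.10.10 and are reported as fixed.
    return v < FIXED["2.10"]


def sqlsearch_enabled(ini_text: str) -> bool:
    """Read the flag from [app:main]; absent means disabled (CKAN default)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    raw = cp.get("app:main", "ckan.datastore.sqlsearch.enabled", fallback="false")
    return raw.strip().lower() in ("true", "1", "yes", "on")


def assess(version: str, ini_text: str) -> str:
    """'patched', 'exposed', or 'workaround-active' (upgrade still needed)."""
    if not version_is_vulnerable(version):
        return "patched"
    return "exposed" if sqlsearch_enabled(ini_text) else "workaround-active"
```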