CVE-2023-32321

9.8 CRITICAL

📋 TL;DR

CVE-2023-32321 is a critical vulnerability in CKAN data management systems that allows authenticated users to write arbitrary files and achieve remote code execution through insecure pickle loading. It affects all CKAN installations below versions 2.9.9 and 2.10.1. The vulnerability can lead to complete system compromise.

💻 Affected Systems

Products:
  • CKAN (Comprehensive Knowledge Archive Network)
Versions: All versions below 2.9.9 and 2.10.1
Operating Systems: All platforms running CKAN
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when using file session store backend with Beaker. All CKAN deployments with default configurations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case

Data theft, resource manipulation, and potential privilege escalation leading to unauthorized access to sensitive datasets.

🟢 If Mitigated

Limited to authenticated user actions only, but still significant due to multiple attack vectors including file writes and session manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but leverages multiple attack vectors including arbitrary file write and insecure pickle deserialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CKAN 2.9.9 or CKAN 2.10.1

Vendor Advisory: https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m

Restart Required: Yes

Instructions:

1. Backup your CKAN instance and database.
2. Update CKAN to version 2.9.9 or 2.10.1 using your package manager or pip.
3. Restart all CKAN services, including the web server and workers.
4. Verify the update was successful.

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states there are no known workarounds for these vulnerabilities.

🧯 If You Can't Patch

  • Restrict access to CKAN to trusted users only and implement strict authentication controls
  • Monitor for suspicious file writes, resource ID manipulation, and session store access patterns

🔍 How to Verify

Check if Vulnerable:

Check CKAN version via command line: 'ckan --version' or check the CKAN configuration file for version information.

Check Version:

ckan --version

Verify Fix Applied:

Verify that the CKAN version is 2.9.9 or higher for the 2.9.x branch, or 2.10.1 or higher for the 2.10.x branch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual resource creation with crafted IDs
  • File writes to unexpected locations
  • Session store manipulation attempts
  • Pickle deserialization errors

Network Indicators:

  • Multiple requests to resource_create, package_update, or session endpoints with crafted parameters

SIEM Query:

source="ckan" AND (action="resource_create" OR action="package_update") AND (resource_id CONTAINS ".." OR resource_id LENGTH > 100)
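As an added illustration (not code from the advisory or from CKAN itself), the following Python applies the SIEM rule above to constructed key=value log lines. The log format, field names and sample values are assumptions; the matching conditions are the ones the rule states.

```python
import re

# Constructed CKAN-style audit log lines (not real CKAN output): each line is a
# flat key=value record of one API action call, as a SIEM might index it.
SAMPLE_LOGS = [
    'source=ckan user=alice action=package_update resource_id=8f2a1c0e-4b6d-4e1a-9c3f-0d2e5a7b9c11',
    'source=ckan user=bob action=resource_create resource_id=../../outside-resource-dir',
    'source=ckan user=carol action=resource_create resource_id=' + 'a' * 120,
    'source=ckan user=dave action=package_show resource_id=../not-a-watched-action',
    'source=nginx user=- action=resource_create resource_id=../not-a-ckan-source',
]

TOKEN_RE = re.compile(r'(\w+)=(\S*)')
WATCHED_ACTIONS = {'resource_create', 'package_update'}
MAX_RESOURCE_ID_LEN = 100  # threshold taken from the SIEM query above


def parse_line(line):
    """Split a flat key=value log line into a dict of field -> value."""
    return dict(TOKEN_RE.findall(line))


def classify(record):
    """Return a reason string if the record matches the detection rule, else None."""
    if record.get('source') != 'ckan':
        return None
    if record.get('action') not in WATCHED_ACTIONS:
        return None
    rid = record.get('resource_id', '')
    if '..' in rid:
        return 'path traversal marker in resource_id'
    if len(rid) > MAX_RESOURCE_ID_LEN:
        return f'resource_id length {len(rid)} exceeds {MAX_RESOURCE_ID_LEN}'
    return None


def find_suspicious(lines):
    """Return (user, action, reason) for every log line the rule flags."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        reason = classify(rec)
        if reason:
            hits.append((rec.get('user'), rec['action'], reason))
    return hits


if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOGS):
        print(hit)
```

CKAN resource IDs are normally UUIDs (36 characters), so a tighter length threshold than the page's 100 is possible without losing legitimate traffic.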
