How severe is CVE-2023-32696?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-32696?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2023-32696

HIGH Year: 2023

CVSS v3 Score

8.8

High

Weakness Type

CWE-269

View all →

Vulnerability Description

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.

CVE-2010-4664

HIGH

CVSS:8.8(High)

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CWE-2692010

CVE-2012-6639

HIGH

CVSS:8.8(High)

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

CWE-2692012

CVE-2013-0643

HIGH

CVSS:8.8(High)

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restr...

CWE-2692013

CVE-2013-4583

HIGH

CVSS:8.8(High)

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated ...

CWE-2692013