CVE-2024-41675

CVE-2024-41675 is a medium-severity vulnerability in Okfn Ckan with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-79.

Key facts

Description

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.

Frequently asked questions

What is CVE-2024-41675?
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
How severe is CVE-2024-41675?
CVE-2024-41675 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2024-41675 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-41675?
CVE-2024-41675 affects Okfn Ckan. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2024-41675?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2024-41675 have an EU (EUVD) identifier?
Yes. CVE-2024-41675 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-2643.
When was CVE-2024-41675 published?
CVE-2024-41675 was published on 2024-08-21 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Okfn Ckan

All CVEs affecting Okfn Ckan →

Other CWE-79 (Cross-site Scripting (XSS)) vulnerabilities

Browse all CWE-79 (Cross-site Scripting (XSS)) vulnerabilities →