CVSS 3.1 Score 4.3 of 10 (medium)


Published Mar 13, 2024
Updated: Mar 14, 2024
CWE ID 532


CVE-2024-27097 is a log injection vulnerability in CKAN that is fixed in versions 2.9.11 and 2.10.4. A user endpoint fails to filter an incoming parameter, which allows an attacker to inject false log entries or corrupt the log file format. The recommended solution is to upgrade to one of the fixed versions above. If upgrading is not possible, users can override the /user/reset endpoint and filter the id parameter to exclude newlines. The vulnerability is rated medium, with a base severity score of 4.3 out of 10; the attack vector is network and user interaction is required. The impact on integrity is low, and there is no impact on confidentiality or availability. The CVE is mapped to CWE-532 (Information Exposure Through Log Files).
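The workaround described above, sketched as an added example that is not CKAN's code and not part of the original advisory: it logs a reset `id` once without filtering and once with a line-break check. The function names, log message format and sample id are assumptions constructed for illustration, and the check goes slightly beyond plain newlines by rejecting every line boundary that Python's `str.splitlines()` recognizes.

```python
import io
import logging

# Constructed sample: an id value carrying a newline followed by text
# shaped like a second log record.
CONSTRUCTED_ID = "alice\nINFO Password reset requested for user: admin"


def make_logger():
    """Return a logger that writes 'LEVEL message' lines into a StringIO."""
    stream = io.StringIO()
    logger = logging.Logger("reset_demo", level=logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, stream


def has_line_break(value):
    """True if value contains any line boundary (\\n, \\r, \\x85, \\u2028, ...)."""
    return value != "".join(value.splitlines())


def log_reset_unfiltered(user_id):
    """Behaviour the advisory describes: the raw id goes into the log line."""
    logger, stream = make_logger()
    logger.info("Password reset requested for user: %s", user_id)
    return stream.getvalue().splitlines()


def log_reset_filtered(user_id):
    """Workaround: refuse ids with line breaks before anything is logged raw."""
    logger, stream = make_logger()
    if has_line_break(user_id):
        # %r escapes control characters, so the rejection stays on one line.
        logger.warning("Rejected reset id containing a line break: %r", user_id)
    else:
        logger.info("Password reset requested for user: %s", user_id)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    print("unfiltered:", log_reset_unfiltered(CONSTRUCTED_ID))
    print("filtered:  ", log_reset_filtered(CONSTRUCTED_ID))
```

In a deployment the same check would sit in whatever handler overrides /user/reset, returning an error response instead of proceeding when `has_line_break` is true.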
