CVE-2022-43685
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.
Date published : 2022-11-21
https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022