[ckan] CKAN contains Improper Authentication leading to account takeover

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-43685
• https://ckan.org/
• https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
• https://github.com/advisories/GHSA-m2xp-jxfg-qq6g