Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 02 Oct 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-15T17:25:16.758Z
Updated: 2024-10-02T17:45:39.305Z
Reserved: 2023-08-08T13:46:25.244Z
Link: CVE-2023-40028
Vulnrichment
Updated: 2024-08-02T18:24:54.629Z
NVD
Status : Modified
Published: 2023-08-15T18:15:10.547
Modified: 2024-11-21T08:18:33.280
Link: CVE-2023-40028
Redhat
No data.