Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
History

Tue, 03 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*
Metrics ssvc: Automatable: yes; Exploitation: none; Technical Impact: partial (version 2.0.3)


Mon, 26 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Ghost
Ghost ghost
Weaknesses CWE-287
CPEs cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*
Vendors & Products Ghost
Ghost ghost

Tue, 20 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
Description Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Title Ghost's improper authentication allows access to member information and actions
Weaknesses CWE-284
References
Metrics cvssV3_1: score 6.5; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-20T15:05:04.338Z

Updated: 2024-09-03T14:58:35.797Z

Reserved: 2024-08-12T18:02:04.966Z

Link: CVE-2024-43409

Vulnrichment

Updated: 2024-09-03T14:58:21.683Z

NVD

Status: Analyzed

Published: 2024-08-20T15:15:24.270

Modified: 2024-08-26T18:31:26.197

Link: CVE-2024-43409

Redhat

No data.