Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:* | |
Metrics |
ssvc
|
Mon, 26 Aug 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ghost
Ghost ghost |
|
Weaknesses | CWE-287 | |
CPEs | cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:* | |
Vendors & Products |
Ghost
Ghost ghost |
Tue, 20 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | |
Title | Ghost's improper authentication allows access to member information and actions | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-20T15:05:04.338Z
Updated: 2024-09-03T14:58:35.797Z
Reserved: 2024-08-12T18:02:04.966Z
Link: CVE-2024-43409
Vulnrichment
Updated: 2024-09-03T14:58:21.683Z
NVD
Status : Analyzed
Published: 2024-08-20T15:15:24.270
Modified: 2024-08-26T18:31:26.197
Link: CVE-2024-43409
Redhat
No data.