
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625
CWE-204: Observable Response Discrepancy

CVSS: 9.6 | EPSS: 0% | CPEs: 2 | EXPL: 1

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
References: https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 , https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624
CWE-284: Improper Access Control

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: The vendor states that, as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users; this is intentional.
References: http://ghost.com , https://ghost.org/customers , https://ghost.org/docs/security/#privilege-escalation-attacks , https://github.com/TryGhost/Ghost , https://trends.builtwith.com/cms/Ghost , https://youtu.be/PncfBetPk2g
CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: The vendor states that, as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server and may only execute JavaScript in a client's browser; this is expected and intentional functionality.
References: http://ghost.org/docs/security/#privilege-escalation-attacks , https://youtu.be/FCqWEvir2wE
CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround.
References: https://github.com/TryGhost/Ghost/releases/tag/v4.10.0 , https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-269: Improper Privilege Management