CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jun 2024 — Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers. • https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE • CWE-1390: Weak Authentication •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 May 2024 — Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0. The Ghost plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0 through publicly exposed log files. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/vulnerability/ghost/wordpress-ghost-plugin-1-4-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Feb 2024 — Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector." • https://github.com/Youssefdds/CVE-2024-23724 •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2024 — Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. • https://github.com/TryGhost/Ghost/pull/17190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 10

15 Aug 2023 — Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. • https://packetstorm.news/files/id/183344 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 May 2023 — Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below... • https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8 • EPSS: 93% • CPEs: 1 • EXPL: 2

05 May 2023 — Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. • https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Apr 2023 — Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. A flaw was found in SQLite. A buffer overflow vulnerability allows a local attacker to cause a denial of service via a crafted script. Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they w... • https://security.netapp.com/advisory/ntap-20230526-0005 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Mar 2023 — A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted JavaScript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability. Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object. • https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74 • CWE-913: Improper Control of Dynamically-Managed Code Resources; CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2023 — Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. • https://ghost.org/docs/security • CWE-862: Missing Authorization •