Описание
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ghost | itp | package |
EPSS
Процентиль: 63%
0.00454
Низкий
Связанные уязвимости
CVSS3: 6.5
nvd
больше 1 года назад
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVSS3: 6.5
github
больше 1 года назад
Ghost's improper authentication allows access to member information and actions
EPSS
Процентиль: 63%
0.00454
Низкий