Описание
Ghost has incomplete CSRF protections around OTC use
Impact
Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site.
Vulnerable versions
This vulnerability is present in Ghost from v5.101.6 up to v6.19.2.
Patches
v6.19.3 contains a fix for this issue.
How to update
For self-hosters using Docker, find Docker's official Ghost image here. Updating a Docker-based Ghost instance is documented here.
If a project's Ghost is a Ghost-CLI install see the documentation on updating it to the latest version here.
For more information
If there are any questions or comments about this advisory, send an email to security@ghost.org.
Пакеты
ghost
>= 5.101.6, <= 6.19.2
6.19.3
Связанные уязвимости
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.
Ghost is a Node.js content management system. From version 5.101.6 to ...