Описание
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Уязвимые конфигурации
Конфигурация 1Версия от 4.46.0 (включая) до 5.89.5 (исключая)
cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 63%
0.00454
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-284
CWE-287
Связанные уязвимости
CVSS3: 6.5
debian
больше 1 года назад
Ghost is a Node.js content management system. Improper authentication ...
CVSS3: 6.5
github
больше 1 года назад
Ghost's improper authentication allows access to member information and actions
EPSS
Процентиль: 63%
0.00454
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-284
CWE-287