Описание
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.
Уязвимые конфигурации
Конфигурация 1Версия от 5.101.6 (включая) до 6.19.3 (исключая)
cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 5%
0.0002
Низкий
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 7.5
debian
23 дня назад
Ghost is a Node.js content management system. From version 5.101.6 to ...
CVSS3: 7.5
github
25 дней назад
Ghost has incomplete CSRF protections around OTC use
EPSS
Процентиль: 5%
0.0002
Низкий
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352