Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost's improper authentication allows access to member information and actions
Vulnerability Description
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Ghost 安全漏洞
Vulnerability Description
Ghost是Ghost开源的一个托管服务。 Ghost v4.46.0版本至v5.89.5之前版本存在安全漏洞,该漏洞源于身份验证不当,允许攻击者执行仅限成员的操作并读取成员信息。
CVSS Information
N/A
Vulnerability Type
N/A