Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

认证机制不恰当

Ghost 授权问题漏洞

Ghost是Ghost开源的一个托管服务。 Ghost 5.105.0版本至5.130.5版本和6.0.0版本至6.10.3版本存在授权问题漏洞，该漏洞源于Ghost的双因素认证机制存在缺陷，可能导致工作人员用户跳过电子邮件双因素认证。

N/A

N/A