Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost has Staff 2FA bypass
Vulnerability Description
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Ghost 授权问题漏洞
Vulnerability Description
Ghost是Ghost开源的一个托管服务。 Ghost 5.105.0版本至5.130.5版本和6.0.0版本至6.10.3版本存在授权问题漏洞,该漏洞源于Ghost的双因素认证机制存在缺陷,可能导致工作人员用户跳过电子邮件双因素认证。
CVSS Information
N/A
Vulnerability Type
N/A