Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost has Staff Token permission bypass
Vulnerability Description
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Ghost 安全漏洞
Vulnerability Description
Ghost是Ghost开源的一个托管服务。 Ghost 5.121.0版本至5.130.5版本和6.0.0版本至6.10.3版本存在安全漏洞,该漏洞源于Ghost处理工作人员令牌身份验证的方式存在缺陷,可能导致某些仅限通过工作人员会话身份验证访问的端点被不当访问。
CVSS Information
N/A
Vulnerability Type
N/A