Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform Ghost. One of them can be exploited to elevate privileges via a specially crafted HTTP request.
Tracked as CVE-2022-41654 (CVSS score: 8.5), it is an authentication bypass vulnerability that allows unauthorized users (i.e. members) to tamper with newsletter settings.
Cisco Talos, which discovered the shortcoming, said that members may be able to change the system-wide default newsletter that all users are subscribed to by default.
“This allows unprivileged users to view and change settings they were not meant to access,” Ghost said in an advisory published on November 28, 2022. “They cannot permanently escalate their rights or access further information.”
The CMS platform blamed a “gap” in API validation, adding that it found no evidence that the issue was being exploited in the wild.
Ghost has also patched an enumeration vulnerability in the login functionality (CVE-2022-41697, CVSS score: 5.3) that could lead to the disclosure of sensitive information.
According to Talos, attackers may be able to exploit this vulnerability to enumerate all valid Ghost users by providing their email addresses, which could then be used to narrow down potential targets for a next stage of phishing attacks.
This flaw has been addressed in the Ghost (Pro) managed hosting service, but users who self-host the service and are running versions 4.46.0 through 4.48.7, or any version of v5 through 5.22.6, should update to versions 4.48.8 and 5.22.7.
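For teams tracking several self-hosted installs, the version ranges above can be checked mechanically. The following is an added example, not code from Ghost or Talos; the host names and the `triage` and `report` helpers are hypothetical, and the inventory is constructed sample data.

```javascript
// Affected ranges and fixed releases as stated in the article.
const AFFECTED = [
  { from: [4, 46, 0], to: [4, 48, 7], fixed: "4.48.8" },
  { from: [5, 0, 0], to: [5, 22, 6], fixed: "5.22.7" },
];

// Parse "5.22.6" or "v4.48.7" into [major, minor, patch]; null if malformed.
// A pre-release or build suffix ("-rc.1", "+build") is ignored, so confirm
// such builds by hand.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(text).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric, component-wise comparison, so 5.9.0 sorts below 5.22.6
// (a plain string comparison would get that wrong).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify one version string against the article's ranges.
function triage(versionText) {
  const v = parseVersion(versionText);
  if (v === null) return { status: "unknown", fixed: null };
  for (const r of AFFECTED) {
    if (compare(v, r.from) >= 0 && compare(v, r.to) <= 0) {
      return { status: "affected", fixed: r.fixed };
    }
  }
  return { status: "not-listed", fixed: null };
}

// Constructed inventory for illustration only.
const inventory = [
  { host: "blog-a.example", version: "4.48.7" },
  { host: "blog-b.example", version: "v5.9.0" },
  { host: "blog-c.example", version: "5.22.7" },
  { host: "blog-d.example", version: "latest" },
];

// Attach the triage result to every inventory entry.
function report(hosts) {
  return hosts.map((h) => ({ ...h, ...triage(h.version) }));
}

console.log(report(inventory));
```

A status of `unknown` means the version string could not be parsed (for example a `latest` tag), so that install needs a manual check.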