cvelistv5 - cve-2022-41654

CVE-2022-41654 (GCVE-0-2022-41654)

Vulnerability from cvelistv5 – Published: 2022-12-23 23:03 – Updated: 2025-04-14 18:08

Summary

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

talos

References

URL

Tags

	https://talosintelligence.com/vulnerability_repor…
	https://github.com/TryGhost/Ghost/security/adviso…

Impacted products

	Vendor	Product	Version
	Ghost Foundation	Ghost	Affected: 5.9.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41654",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T18:08:07.229813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:08:15.772Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ghost",
          "vendor": "Ghost Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "5.9.4"
            }
          ]
        }
      ],
      "datePublic": "2022-12-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
        },
        {
          "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-41654",
    "datePublished": "2022-12-23T23:03:51.372Z",
    "dateReserved": "2022-09-29T00:00:00.000Z",
    "dateUpdated": "2025-04-14T18:08:15.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"4.46.0\", \"versionEndExcluding\": \"4.48.8\", \"matchCriteriaId\": \"8E71806D-2CBB-4D88-8D27-117A20737E25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.22.7\", \"matchCriteriaId\": \"10D8C53F-5C69-42AC-A343-2FF04D23395D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en la funcionalidad de suscripci\\u00f3n al bolet\\u00edn de Ghost Foundation Ghost 5.9.4. Una solicitud HTTP especialmente manipulada puede generar mayores privilegios. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad.\"}]",
      "id": "CVE-2022-41654",
      "lastModified": "2024-11-21T07:23:34.413",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}]}",
      "published": "2022-12-22T10:15:10.047",
      "references": "[{\"url\": \"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"talos-cna@cisco.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41654\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2022-12-22T10:15:10.047\",\"lastModified\":\"2024-11-21T07:23:34.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad de suscripci\u00f3n al bolet\u00edn de Ghost Foundation Ghost 5.9.4. Una solicitud HTTP especialmente manipulada puede generar mayores privilegios. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.46.0\",\"versionEndExcluding\":\"4.48.8\",\"matchCriteriaId\":\"8E71806D-2CBB-4D88-8D27-117A20737E25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.22.7\",\"matchCriteriaId\":\"10D8C53F-5C69-42AC-A343-2FF04D23395D\"}]}]}],\"references\":[{\"url\":\"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:49:43.405Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41654\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-14T18:08:07.229813Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-14T18:08:11.462Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Ghost Foundation\", \"product\": \"Ghost\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.9.4\"}]}], \"datePublic\": \"2022-12-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624\"}, {\"url\": \"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2022-12-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41654\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T18:08:15.772Z\", \"dateReserved\": \"2022-09-29T00:00:00.000Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2022-12-23T23:03:51.372Z\", \"assignerShortName\": \"talos\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-41654

Vulnerability from fkie_nvd - Published: 2022-12-22 10:15 - Updated: 2024-11-21 07:23

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
talos-cna@cisco.com	https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6	Third Party Advisory
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	ghost	ghost	*
	ghost	ghost	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "8E71806D-2CBB-4D88-8D27-117A20737E25",
              "versionEndExcluding": "4.48.8",
              "versionStartIncluding": "4.46.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "10D8C53F-5C69-42AC-A343-2FF04D23395D",
              "versionEndExcluding": "5.22.7",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad de suscripci\u00f3n al bolet\u00edn de Ghost Foundation Ghost 5.9.4. Una solicitud HTTP especialmente manipulada puede generar mayores privilegios. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2022-41654",
  "lastModified": "2024-11-21T07:23:34.413",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-22T10:15:10.047",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Primary"
    }
  ]
}

GSD-2022-41654

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41654

Aliases

CVE-2022-41654

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41654",
    "id": "GSD-2022-41654"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41654"
      ],
      "details": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.",
      "id": "GSD-2022-41654",
      "modified": "2023-12-13T01:19:32.675948Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2022-12-28",
        "ID": "CVE-2022-41654",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Ghost",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "5.9.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ghost Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 9.6,
          "baseSeverity": "Critical",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
          },
          {
            "name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
            "refsource": "CONFIRM",
            "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=4.46.0 \u003c4.48.8||\u003e=5.0.0 \u003c5.22.7",
          "affected_versions": "All versions starting from 4.46.0 before 4.48.8, all versions starting from 5.0.0 before 5.22.7",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-284",
            "CWE-937"
          ],
          "date": "2022-12-29",
          "description": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.",
          "fixed_versions": [
            "4.48.8",
            "5.22.7"
          ],
          "identifier": "CVE-2022-41654",
          "identifiers": [
            "CVE-2022-41654",
            "GHSA-9gh8-wp53-ccc6",
            "GMS-2022-7409"
          ],
          "not_impacted": "All versions before 4.46.0, all versions starting from 4.48.8 before 5.0.0, all versions starting from 5.22.7",
          "package_slug": "npm/ghost",
          "pubdate": "2022-12-22",
          "solution": "Upgrade to versions 4.48.8, 5.22.7 or above.",
          "title": "Improper Access Control",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-41654",
            "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624",
            "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
            "https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475",
            "https://github.com/advisories/GHSA-9gh8-wp53-ccc6"
          ],
          "uuid": "e5b61893-4691-439e-ba32-0455716dff08"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions starting from 4.46.0 before 4.48.8, all versions starting from 5.0.0 before 5.22.7",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-11-28",
          "description": "### Impact\n\nOn sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their privileges permanently or get access to further information. This issue was caused by a gap in our API validation for nested objects.\n\nGhost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.\n\nSelf-hosters are impacted if running Ghost a version between v4.46.0 and v4.48.7 or any version of v5 prior to v5.22.7. Immediate action should be taken to secure your site - see patches \u0026 workarounds below.\n\n### Patches\n- v4.48.8 / v5.22.7 are patched for all known exploits\n- v4.48.9 / v5.24.1 contain deeper fixes to the API to close the potential for this vulnerability to appear elsewhere or regress \n\n### Workarounds\nThe known exploit can be prevented by [disabling members](https://ghost.org/help/can-i-disable-memberships/) until an update can be performed.\n\n### References\n- [forum post](https://forum.ghost.org/t/security-update-available-for-ghost-4-x-and-4-x/34475)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@ghost.org](mailto:security@ghost.org)\n\n---\n\nCredits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)",
          "fixed_versions": [
            "4.48.8",
            "5.22.7"
          ],
          "identifier": "GMS-2022-7409",
          "identifiers": [
            "GHSA-9gh8-wp53-ccc6",
            "GMS-2022-7409",
            "CVE-2022-41654"
          ],
          "not_impacted": "All versions before 4.46.0, all versions starting from 4.48.8 before 5.0.0, all versions starting from 5.22.7",
          "package_slug": "npm/ghost",
          "pubdate": "2022-11-28",
          "solution": "Upgrade to versions 4.48.8, 5.22.7 or above.",
          "title": "Duplicate of ./npm/ghost/CVE-2022-41654.yml",
          "urls": [
            "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
            "https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475",
            "https://github.com/advisories/GHSA-9gh8-wp53-ccc6"
          ],
          "uuid": "da58a802-13cf-4ae2-9aec-855c20bc2a7b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.48.8",
                "versionStartIncluding": "4.46.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.22.7",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2022-41654"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
            },
            {
              "name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-12-29T20:33Z",
      "publishedDate": "2022-12-22T10:15Z"
    }
  }
}

GHSA-9GH8-WP53-CCC6

Vulnerability from github – Published: 2022-11-28 22:06 – Updated: 2022-12-30 01:41

Summary

ghost vulnerable to unauthorized newsletter modification via improper access controls

Details

Impact

On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their privileges permanently or get access to further information. This issue was caused by a gap in our API validation for nested objects.

Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.

Self-hosters are impacted if running Ghost a version between v4.46.0 and v4.48.7 or any version of v5 prior to v5.22.7. Immediate action should be taken to secure your site - see patches & workarounds below.

Patches

v4.48.8 / v5.22.7 are patched for all known exploits.
v4.48.9 / v5.24.1 contain deeper fixes to the API to close the potential for this vulnerability to appear elsewhere or regress

Workarounds

The known exploit can be prevented by disabling members until an update can be performed.

References

forum post

For more information

If you have any questions or comments about this advisory: * Email us at security@ghost.org

Credits: Dave McDaniel and other members of Cisco Talos

Severity ?

8.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ghost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.22.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "ghost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.46.0"
            },
            {
              "fixed": "4.48.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-28T22:06:24Z",
    "nvd_published_at": "2022-12-22T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nOn sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their privileges permanently or get access to further information. This issue was caused by a gap in our API validation for nested objects.\n\nGhost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.\n\nSelf-hosters are impacted if running Ghost a version between v4.46.0 and v4.48.7 or any version of v5 prior to v5.22.7. Immediate action should be taken to secure your site - see patches \u0026 workarounds below.\n\n### Patches\n-  v4.48.8 / v5.22.7 are patched for all known exploits.\n-  v4.48.9 / v5.24.1 contain deeper fixes to the API to close the potential for this vulnerability to appear elsewhere or regress \n\n### Workarounds\nThe known exploit can be prevented by [disabling members](https://ghost.org/help/can-i-disable-memberships/) until an update can be performed.\n\n### References\n- [forum post](https://forum.ghost.org/t/security-update-available-for-ghost-4-x-and-4-x/34475)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@ghost.org](mailto:security@ghost.org)\n\n---\n\nCredits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)",
  "id": "GHSA-9gh8-wp53-ccc6",
  "modified": "2022-12-30T01:41:15Z",
  "published": "2022-11-28T22:06:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41654"
    },
    {
      "type": "WEB",
      "url": "https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TryGhost/Ghost"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ghost vulnerable to unauthorized newsletter modification via improper access controls"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41654 (GCVE-0-2022-41654)

FKIE_CVE-2022-41654

GSD-2022-41654

GHSA-9GH8-WP53-CCC6

Impact

Patches

Workarounds

References

For more information

Tags

Sightings

Nomenclature