CVE-2022-41697

2022-12-2210:15:10

CWE-204

[email protected]

web.nvd.nist.gov

cve-2022-41697

user enumeration

ghost foundation ghost 5.9.4

information disclosure

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.4%

JSON

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

ghost_foundationghostRange≤5.9.4

CPENameOperatorVersion
ghost:ghostghosteq5.9.4

CPE	Name	Operator	Version
ghost:ghost	ghost	eq	5.9.4

CNA Affected

[
  {
    "vendor": "Ghost Foundation",
    "product": "Ghost",
    "versions": [
      {
        "version": "5.9.4",
        "status": "affected"
      }
    ]
  }
]