Steps to reproduce
While browsing to https://blog.brave.com/admin, the request gets redirected to an admin login panel at https://brave.ghost.io/ghost/signin/.
Consequence
An attacker can easily enumerate this admin panel with a URL such as https://blog.brave.com/admin, and with a brute-force attack this can be bypassed, but I didn't do that. If a known ghost.io vulnerability exists, there is a chance of even taking over the subdomain.
It's recommended to give custom directory names instead of easily guessable names such as "admin" for such sensitive directories.
Please find the attached screenshots.