Lucene search

GoogleOSV:GHSA-9C9V-W225-V5RG

HistoryAug 15, 2023 - 8:35 p.m.

Ghost vulnerable to arbitrary file read via symlinks in content import

2023-08-1520:35:20

Google

osv.dev

ghost

vulnerable

arbitrary file read

symlinks

content import

operating system

exploitation

administrators

security vulnerability

patches

v5.59.0

v5.59.1

information security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

Impact

A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.

Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost’s content/ folder

Vulnerable versions

This security vulnerability is present in Ghost ≤ v5.59.0.

Patches

v5.59.1 contains a fix for this issue.

For more information

If you have any questions or comments about this advisory:

Email us at [email protected]

References

github.com/TryGhost/Ghost

github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205

github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg

nvd.nist.gov/vuln/detail/CVE-2023-40028

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

Related for OSV:GHSA-9C9V-W225-V5RG