3 matches found
CVE-2021-39192
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users including contributors to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability...
CVE-2021-39192
creationtimestamp| type| source ---|---|--- 2021-09-03 18:37:09+00:00| seen| https://t.me/cibsecurity/28262 2024-01-09 08:51:04+00:00| seen| https://t.me/arpsyndicate/2736...
CVE-2021-39192
Ghost CMS contains a privilege-escalation flaw in the limits service from versions 4.0.0–4.9.4 that lets all authenticated users (including contributors) view admin-level API keys via the Integrations API endpoint. The issue is fixed in Ghost 4.10.0. As a workaround, disable all non-Administrator...