2 matches found
CVE-2021-39192
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users including contributors to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability...
CVE-2021-39192
Ghost CMS contains a privilege-escalation flaw in the limits service from versions 4.0.0–4.9.4 that lets all authenticated users (including contributors) view admin-level API keys via the Integrations API endpoint. The issue is fixed in Ghost 4.10.0. As a workaround, disable all non-Administrator...