10 matches found
EUVD-2024-2525
Malicious code in bioql PyPI...
CVE-2024-43409
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...
Improper Access Control
ghost and @tryghost/portal is vulnerable for Improper Access Control. The vulnerability is due to missing authentication checks on certain endpoints used for member actions, allowing attackers to perform member-only actions and read member information without proper authorization...
Ghost's improper authentication allows access to member information and actions
Impact Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Vulnerable versions This security vulnerability is present in Ghost v4.46.0-v5.89.5. GhostPro customers are automatically updated to fixed...
GHSA-78X2-CWP9-5J42 Ghost's improper authentication allows access to member information and actions
Impact Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Vulnerable versions This security vulnerability is present in Ghost v4.46.0-v5.89.5. GhostPro customers are automatically updated to fixed...
CVE-2024-43409
CVE-2024-43409 concerns Ghost, a Node.js CMS, with an improper authentication flaw on several member-action endpoints. The issue allows an attacker to perform member-only actions and read member information when exploiting vulnerable versions. Affected range includes Ghost v4.46.0–v5.89.4, with a...
CVE-2024-43409 Ghost's improper authentication allows access to member information and actions
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...
CVE-2024-43409 Ghost's improper authentication allows access to member information and actions
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...
PT-2024-30566 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 4.46.0 through 5.89.4 Description: The issue is related to improper authentication on some endpoints used for member actions, allowing an attacker to perform member-only actions and read member information. Recommendations: For...
Ghost 安全漏洞
Ghost is a hosting service from Ghost Open Source. A security vulnerability exists in Ghost versions v4.46.0 through prior to v5.89.5 that stems from improper authentication and allows an attacker to perform member-only actions and read member information...