2 matches found
Ghost 授权问题漏洞
Ghost is a hosting service of Ghost Open Source. An authorization issue vulnerability exists in Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's two-factor authentication mechanism that could cause a staff user to skip two-factor authentication f...
Ghost has Staff 2FA bypass
Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...