Veracode Vulnerability Database: VERACODE:47580
History: Jun 18, 2024 - 4:28 a.m.

Authentication Bypass

2024-06-18 04:28:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
authentication bypass
ghost software
x-forwarded-for
remote attackers
rate-limit protection
reverse proxy

AI Score: 7 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.7%)

ghost is vulnerable to Authentication Bypass. The vulnerability is caused by the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this vulnerability.

CPE
Name     Operator    Version
ghost    le          5.85.0
ghost    le          5.85.0
