Cisco Talos recently discovered two vulnerabilities in Ghost CMS: an authentication bypass vulnerability and an enumeration vulnerability.
Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with external services.
Talos has identified an authentication bypass vulnerability that can lead to elevated privileges. TALOS-2022-1624 (CVE-2022-41654) allows external users to update their newsletter preferences too liberally: the update is not restricted to the member's own subscription choices, which could give a user full access to create and modify newsletters, including the default newsletter sent to all members.
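To make the "too liberal" preference update concrete, here is an added illustration of the general pattern, written for this page and not taken from Ghost's code base: a member-facing preference handler that writes through every field of the related newsletter objects it receives (mass assignment), beside a hardened version that accepts only newsletter ids and an allowlist of member-writable fields. The state layout, function names and sample records are hypothetical and constructed for the demo.

```javascript
// Added illustration (not Ghost's code): how an over-permissive preference
// update becomes a privilege escalation, and the allowlist that prevents it.
// All data structures, names and sample values here are hypothetical.

// Constructed sample state: one newsletter record and one member record.
function makeState() {
  return {
    newsletters: {
      "nl-default": {
        id: "nl-default",
        name: "Weekly digest",
        sender_email: "news@example.invalid",
        status: "active",
      },
    },
    member: { id: "m-1", email: "reader@example.invalid", newsletters: ["nl-default"] },
  };
}

// Vulnerable pattern: the handler trusts whatever objects the client sends
// under "newsletters" and writes the related records through wholesale.
function updatePreferencesVulnerable(state, body) {
  if (Array.isArray(body.newsletters)) {
    state.member.newsletters = [];
    for (const item of body.newsletters) {
      const target = state.newsletters[item.id];
      if (!target) continue;
      Object.assign(target, item); // mass assignment: name, sender_email, anything
      state.member.newsletters.push(item.id);
    }
  }
  return state;
}

// Hardened pattern: a member may only choose WHICH newsletters to receive.
// Only the subscription ids are kept; no newsletter fields are writable here.
const MEMBER_WRITABLE_FIELDS = new Set(["newsletters"]);

function updatePreferencesHardened(state, body) {
  for (const key of Object.keys(body)) {
    if (!MEMBER_WRITABLE_FIELDS.has(key)) {
      throw new Error(`field not writable by members: ${key}`);
    }
  }
  if (Array.isArray(body.newsletters)) {
    const chosen = [];
    for (const item of body.newsletters) {
      const id = typeof item === "string" ? item : item && item.id;
      if (typeof id !== "string" || !(id in state.newsletters)) {
        throw new Error(`unknown newsletter id: ${id}`);
      }
      chosen.push(id); // the reference is kept; every other key of item is ignored
    }
    state.member.newsletters = chosen;
  }
  return state;
}
```

The defensive point is that a member endpoint should never reach into related admin-owned records: the hardened handler reduces each submitted newsletter to its id and rejects unknown top-level fields outright, so the same request that rewrites the newsletter in the vulnerable version only changes the member's subscription list.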
TALOS-2022-1625 (CVE-2022-41697) is an enumeration vulnerability in the login functionality of Ghost that can lead to the disclosure of sensitive information.
An attacker can send HTTP requests to trigger these vulnerabilities.
Cisco Talos worked with Ghost to ensure that these issues were resolved, and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.