A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625 | Exploit Third Party Advisory |
Configurations
History
29 Dec 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ghost:ghost:5.9.4:*:*:*:*:node.js:*:* | |
First Time |
Ghost
Ghost ghost |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625 - Exploit, Third Party Advisory |
22 Dec 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-22 10:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-41697
Mitre link : CVE-2022-41697
CVE.ORG link : CVE-2022-41697
JSON object : View
Products Affected
ghost
- ghost
CWE
CWE-204
Observable Response Discrepancy