Authentication Bypass Vulnerability in Ghost Foundation's Newsletter Subscription
CVE-2022-41654

9.6CRITICAL

Key Information:

Vendor: Ghost Foundation
Status: Ghost
Vendor: CVE Published:; 22 December 2022

🔔 Create Ghost Foundation Vulnerability Alert

What is CVE-2022-41654?

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation's product, Ghost 5.9.4. By crafting a specific HTTP request, an attacker can exploit this weakness to gain unauthorized access and elevate privileges within the application. This could lead to potential misuse of user data and compromise the integrity of the platform. Organizations using this version must take immediate action to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ghost 5.9.4

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://github.com/TryGhost/Ghost/security/advisories/GHS...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 22, 2022
Vulnerability Reserved
Sep 29, 2022

JSON

Ghost Foundation

What is CVE-2022-41654?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.