Ghost Open Source CMS Vulnerability Allows Authenticated Users to Read Arbitrary Files

CVE-2023-40028

4.9MEDIUM

Key Information

Vendor: Tryghost
Status: Ghost
Vendor: CVE Published:; 15 August 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

Ghost = < 5.59.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-40028-Ghost-Arbitrary-File-Read
Created by monke443

CVE-2023-40028
Created by BBSynapse

Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028
Created by 0xDTC

Refferences

https://github.com/TryGhost/Ghost/security/advisories/GHS...

x_refsource_CONFIRM

https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🔴
Public PoC available
Dec 10, 2024
👾
Exploit known to exist
Dec 10, 2024
Vulnerability published
Aug 15, 2023
Vulnerability Reserved
Aug 8, 2023

Collectors

NVD DatabaseMitre Database3 Proof of Concept(s)