CVE-2022-41654

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41654

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41654.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41654

Aliases

Withdrawn

2024-05-08T06:52:02.704740Z

Published

2022-12-22T10:15:10Z

Modified

2023-12-06T00:47:34.179723Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type: GIT
Repo: https://github.com/tryghost/ghost
Events: Introduced

67c5395a7f50779691beaee28941adc38553f348

Fixed

2034eac6342ad0b206b8cbf826fba39cbcea56ca

Introduced

c001865e7cbd3f5e9846f109c8ab5eb348f120b4

Affected versions

v4.*

v4.46.0

v4.46.1

v4.46.2

v4.47.0

v4.47.1

v4.47.2

v4.47.3

v4.47.4

v4.48.0

v4.48.1

v4.48.2

v4.48.3

v4.48.4

v4.48.5

v4.48.6

v4.48.7