Ghost vulnerable to arbitrary file read via symlinks in content import

GHSA-9c9v-w225-v5rg · BIT-ghost-2023-40028 · CVE-2023-40028

Published Aug 15, 2023 · Modified Dec 6, 2023

Description

Impact

A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.

Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder

Vulnerable versions

This security vulnerability is present in Ghost ≤ v5.59.0.

Patches

v5.59.1 contains a fix for this issue.

For more information

If you have any questions or comments about this advisory:

Email us at security@ghost.org

References

WEB https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-40028
WEB https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205
PACKAGE https://github.com/TryGhost/Ghost

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes