CVE-2023-26510

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/03/2023
Last modified:
09/03/2023

Description

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ghost:ghost:5.35.0:*:*:*:*:node.js:*:*