CVE-2023-26510
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/03/2023
Last modified:
09/03/2023
Description
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ghost:ghost:5.35.0:*:*:*:*:node.js:*:* |
To consult the complete list of CPE names with products and versions, see this page