Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-15T17:25:16.758Z
Updated: 2024-08-02T18:24:54.629Z
Reserved: 2023-08-08T13:46:25.244Z
Link: CVE-2023-40028
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-15T18:15:10.547
Modified: 2023-08-23T00:04:32.267
Link: CVE-2023-40028
Redhat
No data.