CVE-2022-41697

State: PUBLISHED · Published: 2022-12-23 · Updated: 2025-04-14 · Assigner: talos

Description

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

CWE

CWE-204 — CWE-204: Response Discrepancy Information Exposure

Affected

Ghost Foundation / Ghost — v=5.9.4 [affected]

CVSS

3.0 score=5.3 severity=MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625

Source

cvelistV5-main/cves/2022/41xxx/CVE-2022-41697.json