Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability.

Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with external services.

Talos has identified an authentication bypass vulnerability that can lead to increased privileges.  TALOS-2022-1624 (CVE-2022-41654) allows external users to update their newsletter preferences too liberally, which could allow a user full access to create and modify newsletters, including the default sent to all members.

TALOS-2022-1625 (CVE-2022-41697) is an enumeration vulnerability in the login functionality of Ghost which can lead to a disclosure of sensitive information.

An attacker can send HTTP requests to trigger these vulnerabilities.

Cisco Talos worked with Ghost to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update this affected product as soon as possible: Ghost Foundation Ghost 5.9.4. Talos tested and confirmed this version of Ghost could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 60770. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.