Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability.
Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with external services.
Talos has identified an authentication bypass vulnerability that can lead to increased privileges. TALOS-2022-1624 (CVE-2022-41654) allows external users to update their newsletter preferences too liberally, which could give a user full access to create and modify newsletters, including the default newsletter sent to all members.
TALOS-2022-1625 (CVE-2022-41697) is an enumeration vulnerability in the login functionality of Ghost, which can lead to the disclosure of sensitive information.
An attacker can send HTTP requests to trigger these vulnerabilities.