CVE-2021-39192

Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround.

CVSS v3 7.2 HIGH
CVSS v2.0 6.5 MEDIUM

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/TryGhost/Ghost/releases/tag/v4.10.0	Release Notes Third Party Advisory
https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2021-09-03 15:15

Updated : 2021-09-10 19:02

NVD link : CVE-2021-39192

Mitre link : CVE-2021-39192

CVE.ORG link : CVE-2021-39192

JSON object : View

Products Affected

ghost

ghost

CWE

CWE-269

Improper Privilege Management

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-39192", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2021-09-03T15:15:09.410", "references": [{"url": "https://github.com/TryGhost/Ghost/releases/tag/v4.10.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround."}, {"lang": "es", "value": "Ghost es un sistema de administraci\u00f3n de contenidos Node.js. Un error en la implementaci\u00f3n del servicio de l\u00edmites entre las versiones 4.0.0 y 4.9.4, permite a todos los usuarios autenticados (incluidos los colaboradores) visualizar las claves de la API a nivel de administrador por medio del endpoint de la API de integraciones, conllevando a una vulnerabilidad de escalada de privilegios. Este problema se ha corregido en la versi\u00f3n 4.10.0 de Ghost. Como soluci\u00f3n, deshabilite todas las cuentas que no sean de administrador para prevenir el acceso a la API. Se recomienda encarecidamente regenerar todas las claves de la API despu\u00e9s de aplicar el parche o la soluci\u00f3n"}], "lastModified": "2021-09-10T19:02:46.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "1CD08534-3B8F-47EC-AE75-2F3F3FA6BF03", "versionEndExcluding": "4.10.0", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}