CVE-2023-40028

ADVISORY - github

Summary

Impact

A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.

Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder

Vulnerable versions

This security vulnerability is present in Ghost ≤ v5.59.0.

Patches

v5.59.1 contains a fix for this issue.

For more information

If you have any questions or comments about this advisory:

Email us at security@ghost.org

EPSS Score⁠: 0.75259 (0.988)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - github

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.