GHSA-9c9v-w225-v5rg: Ghost vulnerable to arbitrary file read via symlinks in content import

Skip to content

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• Pricing

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2023-40028

Ghost vulnerable to arbitrary file read via symlinks in content import

Moderate severity GitHub Reviewed Published Aug 15, 2023 in TryGhost/Ghost

Affected versions

< 5.59.1

Description

Impact

A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.

Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost’s content/ folder

Vulnerable versions

This security vulnerability is present in Ghost ≤ v5.59.0.

Patches

v5.59.1 contains a fix for this issue.

For more information

If you have any questions or comments about this advisory:

• Email us at [email protected]

References

• GHSA-9c9v-w225-v5rg
• https://nvd.nist.gov/vuln/detail/CVE-2023-40028
• TryGhost/Ghost@690fbf3

Published to the GitHub Advisory Database

Aug 15, 2023