CVE-2024-43409: Ghost's improper authentication allows access to member information and actions

August 20, 2024 (updated October 29, 2024)

Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information.

References

github.com/TryGhost/Ghost
github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db
github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42
github.com/advisories/GHSA-78x2-cwp9-5j42
nvd.nist.gov/vuln/detail/CVE-2024-43409

Code Behaviors & Features

Detect and mitigate CVE-2024-43409 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →