CVE-2023-40028

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 15, 2023

Updated: Aug 23, 2023

CWE ID 59

CWE ID 22

Summary

CVE-2023-40028 is a vulnerability affecting versions of Ghost, an open-source content management system, prior to 5.59.1. This issue enables authenticated users to upload symlinked files, which can be exploited to perform arbitrary file reads on the host operating system. Site administrators should examine the `content/` folder for any unfamiliar symlinks as a sign of potential exploitation. Ghost has released a patch in version 5.59.1, and users are urged to upgrade without delay. Currently, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sQ8bEh
https://www.cve.org/CVERecord?id=CVE-2023-40028
https://nvd.nist.gov/vuln/detail/CVE-2023-40028

Back to Vulnerability Database

CVE-2023-40028

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations