Security News > 2020 > May > Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
2020-05-04 19:23

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages.

The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.

Ghost is a free, open-source blogging platform with an install base of over 2 million, including big-name customers like Mozilla and DuckDuckGo.

Upon further investigation, Ghost said that the hack stemmed from attackers exploiting two flaws, CVE-2020-11651 and CVE-2020-11652, which allow full remote code execution as root on servers in data centers and cloud environments.

Both Ghost Pro sites and Ghost.org billing services were affected - though Ghost said that credit card data was not affected.


News URL

https://threatpost.com/hackers-exploit-critical-flaw-in-ghost-platform-with-cryptojacking-attack/155431/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
7.5
2020-04-30 CVE-2020-11652 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
4.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ghost 2 0 15 2 4 21