Vulnerabilities > CVE-2022-41697 - Response Discrepancy Information Exposure vulnerability in Ghost 5.9.4

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ghost

CWE-204

NVD

Published: 2022-12-22

Updated: 2022-12-29

Summary

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ghost Ghost Ghost 5.9.4	1

Common Weakness Enumeration (CWE)

CWE-204 - Response Discrepancy Information Exposure

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625