Ghost Blogging Software – Two New Vulnerabilities Haunting Users

Vulnerabilities are bound to exist regardless of the company’s reputation or capabilities. In fact, Apple has been fixing bugs on iPhone and iPad for the past year, so there’s no shame as long as they’re fixed. Now, Ghost, the JavaScript-based blogging platform, was found to be hosting two new dangerous flaws.

The vulnerabilities can cause a lot of damage if cybercriminals exploit them. CVE-2022-41654 and CVE-2022-41697 can give threat actors a lot of privileges, including the ability to make unauthorized modifications to the system.

Again, bugs are inevitable, but some are more dangerous than others. How do these two compare to other vulnerabilities in 2022? What can cybercriminals do with them? We’ve discussed everything below.

The Ghost Bugs – Out in the Light

As we mentioned, software vulnerabilities, once exploited, can cause a lot of harm, especially if the threat actors are well-experienced.

Some security flaws are fixed on the spot. However, others are still out there, being explored by cybercriminals every now and then. We’re referring to the likes of the Log4Shell bug.

Ghost has been around since 2013, allowing individual bloggers to publish their work online without any hassle. The platform is quite popular, so any cyber incident can be impactful, and we don’t think Ghost can handle any more attacks.

Back in 2020, the Ghost platform was infected with crypto-mining malware. Although it did not compromise any user data, threat actors were able to infiltrate the system.

Cisco Talos discovered the vulnerabilities and shared the following statement:

“Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability.

Ghost is a content management system with tools to build a website, publish content and send newsletters.

Ghost offers paid subscriptions to members and supports a number of integrations with external services.”

Each vulnerability grants those who exploit it specific privileges. Here’s how these bugs work, according to Talos:

• TALOS-2022-1624 (CVE-2022-41654): Allows external users to update their newsletter preferences too liberally, which could allow a user full access to create and modify newsletters, including the default sent to all members.
• TALOS-2022-1625 (CVE-2022-41697): An enumeration vulnerability in the login functionality of Ghost which can lead to a disclosure of sensitive information.

The threat actors can easily send HTTP requests to trigger and exploit these vulnerabilities. Ghost is well aware of the situation and has addressed the issue.

When such vulnerabilities are present, immediate action should be taken to secure one’s site. They released update patches that fix the bugs on their Reddit page.

Two Vulnerabilities – Update Immediately

Ghost has released the needed updates to close the potential for these vulnerabilities. As we mentioned, everybody should install these updated patches immediately.

Vulnerabilities will pop up every now and then as these mistakes are inevitable within systems. The solution lies in the company itself, as it should address it first and release the necessary fixes on the spot.