CVE-2022-27139

{"id": "CVE-2022-27139", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-04-12T17:15:09.840", "references": [{"url": "http://ghost.org/docs/security/#privilege-escalation-attacks", "source": "[email protected]"}, {"url": "https://youtu.be/FCqWEvir2wE", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://ghost.org/docs/security/#privilege-escalation-attacks", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://youtu.be/FCqWEvir2wE", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality"}, {"lang": "es", "value": "** EN DISPUTA ** Una vulnerabilidad de carga de archivos arbitraria en el m\u00f3dulo de carga de archivos de Ghost versi\u00f3n v4.39.0, permite a atacantes ejecutar c\u00f3digo arbitrario por medio de un archivo SVG dise\u00f1ado. NOTA: El proveedor afirma que, tal y como se indica en la documentaci\u00f3n de seguridad de Ghost, la carga de SVG s\u00f3lo es posible por parte de usuarios autentificados de confianza. La carga de archivos SVG en Ghost no representa una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Los SVG no son ejecutables en el servidor, y s\u00f3lo pueden ejecutar javascript en el navegador de un cliente; se trata de una funcionalidad esperada e intencionada"}], "lastModified": "2024-11-21T06:55:13.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:4.39.0:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "385A2C69-1F04-4162-BBFB-2FA2704DFC3E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}