A user enumeration vulnerability exists in the login...
Moderate severity
Unreviewed
Published
Dec 22, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2022
Published to the GitHub Advisory Database
Dec 22, 2022
Last updated
Jan 29, 2023
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
References