Improper Authorization
CVE-2015-1408
Summary
The ghost npm package before versions 0.5.9 is affected by an Authentication Bypass vulnerability since it allows an attacker to change the privileges of other users, and update their email.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published