Skip to main content

Improper Authorization

CVE-2015-1409

Severity Medium
Score 5.3/10

Summary

The ghost npm package before versions 0.5.9 is affected by an Authentication Bypass vulnerability which would allow an attacker to impersonate an HTTP GET request with any id to access other users’ drafts.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Advisory Timeline

  • Published