Observable Response Discrepancy

CVE-2022-41697

Severity Medium
Score 5.3/10

Summary

A user enumeration vulnerability exists in the login functionality of Ghost Foundation. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-204 - Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Advisory Timeline

  • Published