Observable Response Discrepancy
CVE-2022-41697
Summary
A user enumeration vulnerability exists in the login functionality of Ghost Foundation. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-204 - Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
References
Advisory Timeline
- Published