{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:46:36.088","vulnerabilities":[{"cve":{"id":"CVE-2021-39192","sourceIdentifier":"security-advisories@github.com","published":"2021-09-03T15:15:09.410","lastModified":"2024-11-21T06:18:50.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround."},{"lang":"es","value":"Ghost es un sistema de administración de contenidos Node.js. Un error en la implementación del servicio de límites entre las versiones 4.0.0 y 4.9.4, permite a todos los usuarios autenticados (incluidos los colaboradores) visualizar las claves de la API a nivel de administrador por medio del endpoint de la API de integraciones, conllevando a una vulnerabilidad de escalada de privilegios. Este problema se ha corregido en la versión 4.10.0 de Ghost. Como solución, deshabilite todas las cuentas que no sean de administrador para prevenir el acceso a la API. Se recomienda encarecidamente regenerar todas las claves de la API después de aplicar el parche o la solución"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.10.0","matchCriteriaId":"1CD08534-3B8F-47EC-AE75-2F3F3FA6BF03"}]}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/releases/tag/v4.10.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/TryGhost/Ghost/releases/tag/v4.10.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}