Impact
Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site.
Vulnerable versions
This vulnerability is present in Ghost from v5.101.6 up to v6.19.2.
Patches
v6.19.3 contains a fix for this issue.
How to update
For self-hosters using Docker, find Docker's official Ghost image here. Updating a Docker-based Ghost instance is documented here.
If your Ghost is a Ghost-CLI install, see our documentation on updating it to the latest version here.
For more information
If you have any questions or comments about this advisory, email us at security@ghost.org.