CVE-2024-34451

CRITICAL

Ghost <5.85.1 - Auth Bypass

Title source: llm

Description

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.

References (3)

[Exploit] https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE

[Product] https://ghost.org/docs/faq/proxying-https-infinite-loops/

[Product] https://github.com/TryGhost/Ghost/releases

Scores

CVSS v3 9.1

EPSS 0.0069

EPSS Percentile 71.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1390

Status published

Products (1)

ghost/ghost < 5.85.1

Published Jun 16, 2024

Tracked Since Feb 18, 2026