CVE-2023-32235

CVSS score: 7.5 HIGH

📋 TL;DR

CVE-2023-32235 is a directory traversal vulnerability in Ghost CMS that allows remote attackers to read arbitrary files within the active theme's folder. Attackers can exploit this by manipulating URL paths to access files outside the intended directory. This affects all Ghost installations running versions before 5.42.1.

💻 Affected Systems

Products:
  • Ghost CMS
Versions: All versions before 5.42.1
Operating Systems: All platforms running Ghost
Default Config Vulnerable: ⚠️ Yes
Notes: All Ghost installations with the vulnerable code path are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive configuration files, source code, or other theme-related files that might contain credentials, API keys, or other sensitive information stored in the theme directory.

🟠

Likely Case

Information disclosure of theme files, potentially exposing configuration details, custom code, or other files within the theme directory structure.

🟢

If Mitigated

Limited to reading files only within the theme directory, preventing access to system files or other critical directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the Ghost instance and knowledge of the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.42.1

Vendor Advisory: https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f

Restart Required: Yes

Instructions:

1. Back up your Ghost installation and database.
2. Update Ghost to version 5.42.1 or later using your package manager or deployment method.
3. Restart the Ghost service.
4. Verify that the update was successful.

🔧 Temporary Workarounds

Web server path restriction

Applies to: all

Configure the web server (nginx/apache) in front of Ghost to block requests to the /assets/ endpoint that contain directory traversal sequences. Caveat for nginx: `location` blocks are matched against the normalized URI (percent-decoded, with `..` segments already resolved), so a `location` regex never sees the encoded `%2F..%2F` form; test `$request_uri`, which keeps the raw request path, instead.

# nginx example (server context; $request_uri is the raw, still-encoded path):
if ($request_uri ~* "^/assets/.*(\.\./|%2e%2e)") { return 403; }
# Apache example: RewriteRule ^assets/.*\.\./ - [F]

🧯 If You Can't Patch

  • Implement WAF rules to block directory traversal patterns in URLs
  • Restrict access to the Ghost instance using network controls or authentication

🔍 How to Verify

Check if Vulnerable:

Check Ghost version via admin panel or run: ghost version

Check Version:

ghost version

Verify Fix Applied:

Confirm that the version is 5.42.1 or later, and confirm that directory traversal attempts such as /assets/built%2F..%2F..%2F/ return 404 or are blocked rather than returning file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing /assets/built%2F..%2F..%2F/ patterns
  • Multiple 404 errors with directory traversal sequences

Network Indicators:

  • Unusual file access patterns to theme directories
  • Requests with encoded directory traversal sequences

SIEM Query:

url:*assets/built*..* AND (status:200 OR status:404)

Note: this query matches a literal `..` only. If your SIEM stores the raw request line, URL-decode the field before matching or add the encoded forms (`%2e%2e`, `%252e%252e`) to the pattern, since the log indicators above are percent-encoded. A status of 200 on such a request means a file was actually served; 404 indicates a blocked or failed probe.
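The log indicators above only trigger on the literal or singly-encoded form; the following added example (not code from the page or from the Ghost project) shows the decode-then-match logic a detection script should apply to web server access logs. It repeatedly percent-decodes the request path so single and double encoding are both caught, then flags requests to /assets/ whose decoded path contains a `..` segment. The log lines are constructed samples in combined log format; the IP addresses and file names are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/May/2023:12:00:01 +0000] "GET /assets/built/main.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.11 - - [10/May/2023:12:00:02 +0000] "GET /assets/built%2F..%2F..%2F/package.json HTTP/1.1" 200 512 "-" "curl/7.88"
203.0.113.12 - - [10/May/2023:12:00:03 +0000] "GET /assets/built/%252e%252e/%252e%252e/default.hbs HTTP/1.1" 404 0 "-" "python-requests/2.28"
203.0.113.13 - - [10/May/2023:12:00:04 +0000] "GET /content/images/2023/05/photo..jpg HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_path(path, max_rounds=3):
    """Drop the query string and percent-decode repeatedly so double encoding is undone."""
    path = path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal_to_assets(path):
    """True when the decoded request path targets /assets/ and contains a '..' segment."""
    decoded = normalise_path(path)
    if not decoded.startswith("/assets/"):
        return False
    # Split on both separators so a decoded backslash cannot hide a segment.
    return ".." in re.split(r"[\\/]+", decoded)


def flag_traversal(log_text):
    """Return (client IP, raw path, status) for each request matching the traversal pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_to_assets(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, path, status in flag_traversal(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

A 200 in the flagged output means the request was answered with content and should be treated as a likely successful read; a 404 is a probe that was blocked or patched.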
