Ghost · Ghost · CVE-2021-39192
**Name of the Vulnerable Software and Affected Versions**
Ghost versions 4.0.0 through 4.9.4
**Description**
An error in the implementation of the limits service allows all authenticated users, including contributors, to view admin-level API keys via the "integrations API endpoint", leading to a privilege escalation issue. This allows unauthorized access to sensitive information. It is highly recommended to regenerate all API keys after patching or applying the workaround.
**Recommendations**
For Ghost versions 4.0.0 through 4.9.4, upgrade to version 4.10.0 as soon as possible.
As a temporary workaround, consider disabling all non-Administrator accounts to prevent API access.
After patching or applying the workaround, regenerate all API keys to ensure security.