All the vulnerabilities related to BookStackApp - BookStack
cve-2021-4026
Vulnerability from cvelistv5
Published
2021-11-30 19:55
Modified
2024-08-03 17:16
Summary
Improper Access Control in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:03.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.11.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Access Control" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-30T19:55:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92" } ], "source": { "advisory": "c6dfa80d-43e6-4b49-95af-cc031bb66b1d", "discovery": "EXTERNAL" }, "title": "Improper Access Control in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4026", 
"STATE": "PUBLIC", "TITLE": "Improper Access Control in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.11.2" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Access Control" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c6dfa80d-43e6-4b49-95af-cc031bb66b1d" }, { "name": "https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/b4fa82e3298a15443ca40bff205b7a16a1031d92" } ] }, "source": { "advisory": "c6dfa80d-43e6-4b49-95af-cc031bb66b1d", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4026", "datePublished": "2021-11-30T19:55:10", "dateReserved": "2021-11-28T00:00:00", "dateUpdated": "2024-08-03T17:16:03.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3767
Vulnerability from cvelistv5
Published
2021-09-06 11:17
Modified
2024-08-03 17:09
Summary
Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.08.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-06T11:17:17", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64" } ], "source": { "advisory": "7ec92c85-30eb-4071-8891-6183446ca980", "discovery": "EXTERNAL" }, "title": "Cross-site 
Scripting (XSS) - Stored in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3767", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.08.2" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980" }, { "name": "https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64" } ] }, "source": { "advisory": "7ec92c85-30eb-4071-8891-6183446ca980", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": 
"CVE-2021-3767", "datePublished": "2021-09-06T11:17:17", "dateReserved": "2021-09-04T00:00:00", "dateUpdated": "2024-08-03T17:09:08.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3915
Vulnerability from cvelistv5
Published
2021-11-13 09:15
Modified
2024-08-03 17:09
Summary
Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/fcb65f2d-257a-46f4-bac9-f6ded5649079 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/fcb65f2d-257a-46f4-bac9-f6ded5649079" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.10.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-13T09:15:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/fcb65f2d-257a-46f4-bac9-f6ded5649079" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed" } ], "source": { "advisory": "fcb65f2d-257a-46f4-bac9-f6ded5649079", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3915", "STATE": "PUBLIC", "TITLE": "Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.10.3" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/fcb65f2d-257a-46f4-bac9-f6ded5649079", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/fcb65f2d-257a-46f4-bac9-f6ded5649079" }, { "name": "https://github.com/bookstackapp/bookstack/commit/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed" } ] }, "source": { "advisory": "fcb65f2d-257a-46f4-bac9-f6ded5649079", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3915", "datePublished": "2021-11-13T09:15:10", "dateReserved": "2021-10-30T00:00:00", "dateUpdated": "2024-08-03T17:09:09.642Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26211
Vulnerability from cvelistv5
Published
2020-11-03 21:00
Modified
2024-08-04 15:49
Summary
Cross-Site Scripting in BookStack
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4 | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp | x_refsource_CONFIRM | |
https://github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf54 | x_refsource_MISC | |
https://www.bookstackapp.com/blog/beta-release-v0-30-4/ | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
BookStackApp | BookStack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf54" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.bookstackapp.com/blog/beta-release-v0-30-4/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStackApp", "versions": [ { "status": "affected", "version": "\u003c 0.30.4" } ] } ], "descriptions": [ { "lang": "en", "value": "In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-03T21:00:18", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf54" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.bookstackapp.com/blog/beta-release-v0-30-4/" } ], "source": { "advisory": "GHSA-r2cf-8778-3jgp", "discovery": "UNKNOWN" }, "title": "Cross-Site Scripting in BookStack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26211", "STATE": "PUBLIC", "TITLE": "Cross-Site Scripting in BookStack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BookStack", "version": { "version_data": [ { "version_value": "\u003c 0.30.4" } ] } } ] }, "vendor_name": "BookStackApp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript 
code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" }, { "name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp", "refsource": "CONFIRM", "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp" }, { "name": "https://github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf54", "refsource": "MISC", "url": 
"https://github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf54" }, { "name": "https://www.bookstackapp.com/blog/beta-release-v0-30-4/", "refsource": "MISC", "url": "https://www.bookstackapp.com/blog/beta-release-v0-30-4/" } ] }, "source": { "advisory": "GHSA-r2cf-8778-3jgp", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26211", "datePublished": "2020-11-03T21:00:18", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:49:07.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-5256
Vulnerability from cvelistv5
Published
2020-03-09 15:50
Modified
2024-08-04 08:22
Summary
Remote Code Execution Through Image Uploads in BookStack
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx | x_refsource_CONFIRM | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3 | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4 | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
BookStackApp | BookStack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:22:09.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStackApp", "versions": [ { "status": "affected", "version": "\u003c 0.25.5" } ] } ], "descriptions": [ { "lang": "en", "value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-09T15:50:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5" } ], "source": { "advisory": "GHSA-g9rq-x4fj-f5hx", "discovery": "UNKNOWN" }, "title": "Remote Code Execution Through Image Uploads in BookStack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5256", "STATE": "PUBLIC", "TITLE": "Remote Code Execution Through Image Uploads in BookStack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BookStack", "version": { "version_data": [ { "version_value": "\u003c 0.25.5" } ] } } ] }, "vendor_name": "BookStackApp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP 
files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx", "refsource": "CONFIRM", "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5" } ] }, "source": { "advisory": "GHSA-g9rq-x4fj-f5hx", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2020-5256", "datePublished": "2020-03-09T15:50:22", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4194
Vulnerability from cvelistv5
Published
2022-01-06 17:35
Modified
2024-08-03 17:16
Summary
Improper Access Control in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.12.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Access Control" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-06T17:35:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad" } ], "source": { "advisory": "0bc8b3f7-9057-4eb7-a989-24cd5689f114", "discovery": "EXTERNAL" }, "title": "Improper Access Control in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4194", 
"STATE": "PUBLIC", "TITLE": "Improper Access Control in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.12.1" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Access Control" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0bc8b3f7-9057-4eb7-a989-24cd5689f114" }, { "name": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/cb0d674a71449de883713db2fcdccb6e108992ad" } ] }, "source": { "advisory": "0bc8b3f7-9057-4eb7-a989-24cd5689f114", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4194", "datePublished": "2022-01-06T17:35:10", "dateReserved": "2021-12-30T00:00:00", "dateUpdated": "2024-08-03T17:16:04.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3768
Vulnerability from cvelistv5
Published
2021-09-06 11:17
Modified
2024-08-03 17:09
Summary
Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/64a0229f-ff5e-4c64-b83e-9bfc0698a78e | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/5e6092aaf8fd420202016038286554860bf8ea64 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/64a0229f-ff5e-4c64-b83e-9bfc0698a78e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/5e6092aaf8fd420202016038286554860bf8ea64" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.08.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-06T11:17:18", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/64a0229f-ff5e-4c64-b83e-9bfc0698a78e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/5e6092aaf8fd420202016038286554860bf8ea64" } ], "source": { "advisory": "64a0229f-ff5e-4c64-b83e-9bfc0698a78e", "discovery": "EXTERNAL" }, "title": "Cross-site 
Scripting (XSS) - Stored in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3768", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.08.2" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/64a0229f-ff5e-4c64-b83e-9bfc0698a78e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/64a0229f-ff5e-4c64-b83e-9bfc0698a78e" }, { "name": "https://github.com/bookstackapp/bookstack/commit/5e6092aaf8fd420202016038286554860bf8ea64", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/5e6092aaf8fd420202016038286554860bf8ea64" } ] }, "source": { "advisory": "64a0229f-ff5e-4c64-b83e-9bfc0698a78e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": 
"CVE-2021-3768", "datePublished": "2021-09-06T11:17:18", "dateReserved": "2021-09-04T00:00:00", "dateUpdated": "2024-08-03T17:09:08.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6199
Vulnerability from cvelistv5
Published
2023-11-20 22:21
Modified
2024-08-02 08:21
Summary
BookStack v23.10.2 - Local File Read (LFR) via Blind SSRF
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://fluidattacks.com/advisories/imagination/" }, { "tags": [ "x_transferred" ], "url": "https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BookStack", "vendor": "BookStack", "versions": [ { "status": "affected", "version": "23.10.2" } ] } ], "datePublic": "2023-11-20T22:19:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(244, 244, 246);\"\u003eBook Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.\u003c/span\u003e\u003cbr\u003e" } ], "value": "Book Stack version 23.10.2 allows filtering local files on the server. 
This is possible because the application is vulnerable to SSRF.\n" } ], "impacts": [ { "capecId": "CAPEC-153", "descriptions": [ { "lang": "en", "value": "CAPEC-153 Input Data Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-20T22:21:04.992Z", "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks" }, "references": [ { "url": "https://fluidattacks.com/advisories/imagination/" }, { "url": "https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Book Stack v23.10.2 - LFR via Blind SSRF", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "cveId": "CVE-2023-6199", "datePublished": "2023-11-20T22:21:04.992Z", "dateReserved": "2023-11-18T08:49:55.083Z", "dateUpdated": "2024-08-02T08:21:17.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3916
Vulnerability from cvelistv5
Published
2021-11-05 14:50
Modified
2024-08-03 17:09
Summary
Path Traversal in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.10.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-05T14:50:19", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b" } ], "source": { "advisory": "0be32e6b-7c48-43f0-9cec-433000ad8f64", "discovery": "EXTERNAL" }, "title": "Path Traversal in 
bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3916", "STATE": "PUBLIC", "TITLE": "Path Traversal in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.10.3" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64" }, { "name": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b" } ] }, "source": { "advisory": "0be32e6b-7c48-43f0-9cec-433000ad8f64", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3916", "datePublished": "2021-11-05T14:50:19", 
"dateReserved": "2021-10-31T00:00:00", "dateUpdated": "2024-08-03T17:09:09.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000462
Vulnerability from cvelistv5
Published
2018-01-03 20:00
Modified
2024-09-17 00:16
Summary
BookStack version 0.18.4 is vulnerable to stored cross-site scripting in the page creation page, which can result in disruption of service and execution of JavaScript code.
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/issues/575 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:41.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/issues/575" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/issues/575" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-29", "ID": "CVE-2017-1000462", "REQUESTER": "sajeeb.lohani@bulletproof.sh", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/issues/575", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/issues/575" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000462", "datePublished": "2018-01-03T20:00:00Z", "dateReserved": "2018-01-03T00:00:00Z", "dateUpdated": "2024-09-17T00:16:49.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26260
Vulnerability from cvelistv5
Published
2020-12-09 16:20
Modified
2024-08-04 15:56
Summary
Server Side Request Forgery in BookStack
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr | x_refsource_CONFIRM | |
https://bookstackapp.com/blog/beta-release-v0-30-5/ | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
BookStackApp | BookStack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:56:04.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bookstackapp.com/blog/beta-release-v0-30-5/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStackApp", "versions": [ { "status": "affected", "version": "\u003e= v0.7, \u003c v0.30.5" } ] } ], "descriptions": [ { "lang": "en", "value": "BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL\u0027s to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-09T16:20:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bookstackapp.com/blog/beta-release-v0-30-5/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5" } ], "source": { "advisory": "GHSA-8wfc-w2r5-x7cr", "discovery": "UNKNOWN" }, "title": "Server Side Request Forgery in BookStack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26260", "STATE": "PUBLIC", "TITLE": "Server Side Request Forgery in BookStack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BookStack", "version": { "version_data": [ { "version_value": "\u003e= v0.7, \u003c v0.30.5" } ] } } ] }, "vendor_name": "BookStackApp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BookStack is a platform for storing and organising information and documentation. 
In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL\u0027s to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr", "refsource": "CONFIRM", "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr" }, { "name": "https://bookstackapp.com/blog/beta-release-v0-30-5/", "refsource": "MISC", "url": "https://bookstackapp.com/blog/beta-release-v0-30-5/" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5" } ] }, "source": { "advisory": "GHSA-8wfc-w2r5-x7cr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26260", "datePublished": "2020-12-09T16:20:14", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:56:04.938Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3874
Vulnerability from cvelistv5
Published
2021-10-15 13:40
Modified
2024-08-03 17:09
Summary
Path Traversal in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/7224fbcc89f00f2b71644e36bb1b1d96addd1d5a | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/7224fbcc89f00f2b71644e36bb1b1d96addd1d5a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.08.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-15T13:40:18", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/7224fbcc89f00f2b71644e36bb1b1d96addd1d5a" } ], "source": { "advisory": "ac268a17-72b5-446f-a09a-9945ef58607a", "discovery": "EXTERNAL" }, "title": "Path Traversal in 
bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3874", "STATE": "PUBLIC", "TITLE": "Path Traversal in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.08.5" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a" }, { "name": "https://github.com/bookstackapp/bookstack/commit/7224fbcc89f00f2b71644e36bb1b1d96addd1d5a", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/7224fbcc89f00f2b71644e36bb1b1d96addd1d5a" } ] }, "source": { "advisory": "ac268a17-72b5-446f-a09a-9945ef58607a", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3874", "datePublished": "2021-10-15T13:40:18", 
"dateReserved": "2021-10-08T00:00:00", "dateUpdated": "2024-08-03T17:09:09.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26210
Vulnerability from cvelistv5
Published
2020-11-03 18:20
Modified
2024-08-04 15:49
Summary
Cross-Site Scripting in BookStack
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h | x_refsource_CONFIRM | |
https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227 | x_refsource_MISC | |
https://bookstackapp.com/blog/beta-release-v0-30-4/ | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
BookStackApp | BookStack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bookstackapp.com/blog/beta-release-v0-30-4/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStackApp", "versions": [ { "status": "affected", "version": "\u003c 0.30.4" } ] } ], "descriptions": [ { "lang": "en", "value": "In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-03T18:20:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bookstackapp.com/blog/beta-release-v0-30-4/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" } ], "source": { "advisory": "GHSA-7p2j-4h6p-cq3h", "discovery": "UNKNOWN" }, "title": "Cross-Site Scripting in BookStack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26210", "STATE": "PUBLIC", "TITLE": "Cross-Site Scripting in BookStack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BookStack", "version": { "version_data": [ { "version_value": "\u003c 0.30.4" } ] } } ] }, "vendor_name": "BookStackApp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link 
which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h", "refsource": "CONFIRM", "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h" }, { "name": "https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227" }, { "name": "https://bookstackapp.com/blog/beta-release-v0-30-4/", "refsource": "MISC", "url": "https://bookstackapp.com/blog/beta-release-v0-30-4/" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4" } ] }, "source": { "advisory": "GHSA-7p2j-4h6p-cq3h", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26210", "datePublished": "2020-11-03T18:20:15", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:49:07.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3758
Vulnerability from cvelistv5
Published
2021-09-02 12:06
Modified
2024-08-03 17:09
Summary
Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/a8d7fb24-9a69-42f3-990a-2db93b53f76b | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/bee5e2c7ca637d034c6985c0328cef0ce068778e | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/a8d7fb24-9a69-42f3-990a-2db93b53f76b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/bee5e2c7ca637d034c6985c0328cef0ce068778e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.08", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Server-Side Request Forgery (SSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-02T12:06:27", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/a8d7fb24-9a69-42f3-990a-2db93b53f76b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/bee5e2c7ca637d034c6985c0328cef0ce068778e" } ], "source": { "advisory": "a8d7fb24-9a69-42f3-990a-2db93b53f76b", "discovery": "EXTERNAL" }, "title": "Server-Side Request Forgery (SSRF) in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@huntr.dev", "ID": "CVE-2021-3758", "STATE": "PUBLIC", "TITLE": "Server-Side Request Forgery (SSRF) in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.08" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Server-Side Request Forgery (SSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/a8d7fb24-9a69-42f3-990a-2db93b53f76b", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a8d7fb24-9a69-42f3-990a-2db93b53f76b" }, { "name": "https://github.com/bookstackapp/bookstack/commit/bee5e2c7ca637d034c6985c0328cef0ce068778e", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/bee5e2c7ca637d034c6985c0328cef0ce068778e" } ] }, "source": { "advisory": "a8d7fb24-9a69-42f3-990a-2db93b53f76b", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3758", "datePublished": "2021-09-02T12:06:27", "dateReserved": "2021-08-31T00:00:00", "dateUpdated": "2024-08-03T17:09:08.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0877
Vulnerability from cvelistv5
Published
2022-03-08 12:40
Modified
2024-08-02 23:40
Summary
Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "v22.02.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T12:40:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6" } ], "source": { "advisory": "b04df4e3-ae5a-4dc6-81ec-496248b15f3c", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - 
Stored in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0877", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v22.02.3" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c" }, { "name": "https://github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6" } ] }, "source": { "advisory": "b04df4e3-ae5a-4dc6-81ec-496248b15f3c", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0877", "datePublished": 
"2022-03-08T12:40:09", "dateReserved": "2022-03-07T00:00:00", "dateUpdated": "2024-08-02T23:40:04.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11055
Vulnerability from cvelistv5
Published
2020-05-07 20:40
Modified
2024-08-04 11:21
Summary
Cross-site Scripting in BookStack
References
▼ | URL | Tags |
---|---|---|
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w | x_refsource_CONFIRM | |
https://bookstackapp.com/blog/beta-release-v0-29-2/ | x_refsource_MISC | |
https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2 | x_refsource_MISC | |
http://jvn.jp/en/jp/JVN41035278/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
▼ | Vendor | Product |
---|---|---|
BookStackApp | BookStack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bookstackapp.com/blog/beta-release-v0-29-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2" }, { "name": "JVN#41035278", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN41035278/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStackApp", "versions": [ { "status": "affected", "version": "\u003e= 0.18.0, \u003c 0.29.2" } ] } ], "descriptions": [ { "lang": "en", "value": "In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability, custom JavaScript code could be injected and therefore run on other users' machines. This most affects scenarios where untrusted users are given permission to create comments. This has been fixed in 0.29.2." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-13T06:06:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bookstackapp.com/blog/beta-release-v0-29-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2" }, { "name": "JVN#41035278", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN41035278/index.html" } ], "source": { "advisory": "GHSA-5vf7-q87h-pg6w", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in BookStack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11055", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in BookStack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BookStack", "version": { "version_data": [ { "version_value": "\u003e= 0.18.0, \u003c 0.29.2" } ] } } ] }, "vendor_name": "BookStackApp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in 
comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability, custom JavaScript code could be injected and therefore run on other users' machines. This most affects scenarios where untrusted users are given permission to create comments. This has been fixed in 0.29.2." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w", "refsource": "CONFIRM", "url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w" }, { "name": "https://bookstackapp.com/blog/beta-release-v0-29-2/", "refsource": "MISC", "url": "https://bookstackapp.com/blog/beta-release-v0-29-2/" }, { "name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2", "refsource": "MISC", "url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2" }, { "name": "JVN#41035278", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN41035278/index.html" } ] }, "source": { "advisory": "GHSA-5vf7-q87h-pg6w", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11055", "datePublished": "2020-05-07T20:40:14", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": 
"2024-08-04T11:21:14.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4119
Vulnerability from cvelistv5
Published
2021-12-15 17:25
Modified
2024-08-03 17:16
Summary
Improper Access Control in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.11.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Improper Access Control" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-15T17:25:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99" } ], "source": { "advisory": "135f2d7d-ab0b-4351-99b9-889efac46fca", "discovery": "EXTERNAL" }, "title": "Improper Access Control in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4119", 
"STATE": "PUBLIC", "TITLE": "Improper Access Control in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.11.3" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Improper Access Control" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca" }, { "name": "https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99" } ] }, "source": { "advisory": "135f2d7d-ab0b-4351-99b9-889efac46fca", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4119", "datePublished": "2021-12-15T17:25:10", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2024-08-03T17:16:04.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40690
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-03 12:21
Summary
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.bookstackapp.com/blog/bookstack-release-v22-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.bookstackapp.com/docs/admin/security/#using-bookstack-content-externally" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN78862034/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BookStack", "vendor": "BookStack", "versions": [ { "status": "affected", "version": "versions prior to v22.09" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-24T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.bookstackapp.com/blog/bookstack-release-v22-09/" }, { "url": "https://www.bookstackapp.com/docs/admin/security/#using-bookstack-content-externally" }, { "url": "https://jvn.jp/en/jp/JVN78862034/index.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-40690", "datePublished": "2022-10-24T00:00:00", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T12:21:46.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3906
Vulnerability from cvelistv5
Published
2021-10-27 21:20
Modified
2024-08-03 17:09
Summary
Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/f115bdf5-c06b-4627-a6fa-ba6904a43ba3 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/64937ab826b56d086af9ecea532510d37520ebc8 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f115bdf5-c06b-4627-a6fa-ba6904a43ba3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/64937ab826b56d086af9ecea532510d37520ebc8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.10.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-27T21:20:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f115bdf5-c06b-4627-a6fa-ba6904a43ba3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/64937ab826b56d086af9ecea532510d37520ebc8" } ], "source": { "advisory": "f115bdf5-c06b-4627-a6fa-ba6904a43ba3", "discovery": "EXTERNAL" }, "title": "Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack", "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3906", "STATE": "PUBLIC", "TITLE": "Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.10.1" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f115bdf5-c06b-4627-a6fa-ba6904a43ba3", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f115bdf5-c06b-4627-a6fa-ba6904a43ba3" }, { "name": "https://github.com/bookstackapp/bookstack/commit/64937ab826b56d086af9ecea532510d37520ebc8", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/64937ab826b56d086af9ecea532510d37520ebc8" } ] }, "source": { "advisory": "f115bdf5-c06b-4627-a6fa-ba6904a43ba3", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3906", "datePublished": "2021-10-27T21:20:10", "dateReserved": "2021-10-26T00:00:00", "dateUpdated": "2024-08-03T17:09:09.761Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3944
Vulnerability from cvelistv5
Published
2021-12-02 16:40
Modified
2024-08-03 17:09
Summary
Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/65551490-5ade-49aa-8b8d-274c2ca9fdc9 | x_refsource_CONFIRM | |
https://github.com/bookstackapp/bookstack/commit/88e6f93abf54192a69cc8080e0dc6516ee68ccbb | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/65551490-5ade-49aa-8b8d-274c2ca9fdc9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/88e6f93abf54192a69cc8080e0dc6516ee68ccbb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "21.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "bookstack is vulnerable to Cross-Site Request Forgery (CSRF)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-02T16:40:10", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/65551490-5ade-49aa-8b8d-274c2ca9fdc9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bookstackapp/bookstack/commit/88e6f93abf54192a69cc8080e0dc6516ee68ccbb" } ], "source": { "advisory": "65551490-5ade-49aa-8b8d-274c2ca9fdc9", "discovery": "EXTERNAL" }, "title": "Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"security@huntr.dev", "ID": "CVE-2021-3944", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bookstackapp/bookstack", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "21.11" } ] } } ] }, "vendor_name": "bookstackapp" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bookstack is vulnerable to Cross-Site Request Forgery (CSRF)" } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/65551490-5ade-49aa-8b8d-274c2ca9fdc9", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/65551490-5ade-49aa-8b8d-274c2ca9fdc9" }, { "name": "https://github.com/bookstackapp/bookstack/commit/88e6f93abf54192a69cc8080e0dc6516ee68ccbb", "refsource": "MISC", "url": "https://github.com/bookstackapp/bookstack/commit/88e6f93abf54192a69cc8080e0dc6516ee68ccbb" } ] }, "source": { "advisory": "65551490-5ade-49aa-8b8d-274c2ca9fdc9", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3944", "datePublished": "2021-12-02T16:40:10", "dateReserved": "2021-11-10T00:00:00", "dateUpdated": "2024-08-03T17:09:09.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4624
Vulnerability from cvelistv5
Published
2023-08-30 12:02
Modified
2024-10-01 18:39
Summary
Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
References
Impacted products
▼ | Vendor | Product |
---|---|---|
bookstackapp | bookstackapp/bookstack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4624", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T18:36:59.502628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T18:39:14.627Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "bookstackapp/bookstack", "vendor": "bookstackapp", "versions": [ { "lessThan": "v23.08", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-30T12:02:20.664Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c" }, { "url": "https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38" } ], "source": { "advisory": "9ce5cef6-e546-44e7-addf-a2726fa4e60c", "discovery": "EXTERNAL" }, "title": "Server-Side Request Forgery (SSRF) in bookstackapp/bookstack" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2023-4624", "datePublished": "2023-08-30T12:02:20.664Z", "dateReserved": "2023-08-30T12:02:06.947Z", "dateUpdated": "2024-10-01T18:39:14.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }