Published: 10 Jul 2024
Source: github
GitHub: Reviewed
CVSS4: 8.8
CVSS3: 8.2
Description
BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-36676
- https://github.com/BookStackApp/BookStack/issues/4993
- https://github.com/BookStackApp/BookStack/commit/69af9e0dbdefd8c6c951e8afbe2bba141d454beb
- https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1
- https://www.bookstackapp.com/blog/bookstack-release-v24-05-1
Packages
Name: ssddanbrown/bookstack (composer)
Affected versions: < 24.05.1
Fixed version: 24.05.1
Related vulnerabilities
CVSS3: 7.5
nvd
more than 1 year ago
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.