CVE-2024-36676 ssddanbrown/bookstack

Package

Manager: composer
Name: ssddanbrown/bookstack
Vulnerable Version: >=0 <24.05.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00229 (percentile: 0.45553)

Details

BookStack Incorrect Access Control vulnerability

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public-facing forms.

Metadata

Created: 2024-07-10T00:30:41Z
Modified: 2024-07-10T16:51:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-pj36-fcrg-327j/GHSA-pj36-fcrg-327j.json
CWE IDs: ["CWE-284", "CWE-79"]
Alternative ID: GHSA-pj36-fcrg-327j
Finding: F039
Auto approve: 1