PT-2020-16384 · Bookstack · Bookstack

Percussiveelbow · Published 2020-12-09 · Updated 2020-12-11 · CVE-2020-26260

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: BookStack versions prior to 0.30.5

Description: BookStack is a platform for storing and organizing information and documentation. A user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or have access to a wider scope of files within the BookStack file storage locations.

Recommendations: For versions prior to 0.30.5, upgrade to BookStack v0.30.5 to address the issue. As a temporary workaround, consider limiting page edit permissions to only those who are trusted until you can upgrade.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2020-26260
GHSA-8WFC-W2R5-X7CR

Affected Products

Bookstack