PT-2024-27119 · Bookstack · Bookstack
Published
2024-07-09
·
Updated
2024-07-11
·
CVE-2024-36676
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
BookStack versions prior to 24.05.1
Description
The issue is related to incorrect access control, allowing attackers to confirm existing system users and perform targeted notification email Denial of Service (DoS) via public-facing forms.
Recommendations
For versions prior to 24.05.1, update to version 24.05.1 or later to resolve the issue.
Fix
Improper Access Control
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bookstack