GitHub Advisory Database: GHSA-W2F4-HXPM-MQ98
Nov 15, 2021 - 11:17 p.m.

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

2021-11-15 23:17:37
CWE-434
GitHub Advisory Database
github.com
Tags: bookstack, vulnerability, upload, file, dangerous type, software

CVSS2: 3.5
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3: 5.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 29.8%

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type.

Affected configurations

Vulners
Node: ssddanbrown bookstack, Range <21.0.3

Vendor: ssddanbrown
Product: bookstack
Version: *
CPE: cpe:2.3:a:ssddanbrown:bookstack:*:*:*:*:*:*:*:*
