CVE-2024-36676

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.
Configurations

No configuration.

History

21 Nov 2024, 09:22

Type | Values Removed | Values Added
References | https://github.com/BookStackApp/BookStack/issues/4993 | https://github.com/BookStackApp/BookStack/issues/4993
References | https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1 | https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1
References | https://www.bookstackapp.com/blog/bookstack-release-v24-05-1/ | https://www.bookstackapp.com/blog/bookstack-release-v24-05-1/

11 Jul 2024, 15:05

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.5
CWE | | CWE-79

11 Jul 2024, 13:05

Type | Values Removed | Values Added
Summary | | (es) Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public-facing forms.

09 Jul 2024, 22:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-07-09 22:15

Updated : 2024-11-21 09:22


NVD link : CVE-2024-36676

Mitre link : CVE-2024-36676

CVE.ORG link : CVE-2024-36676



Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')