Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server Side Request Forgery in BookStack
Vulnerability Description
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
BookStack 注入漏洞
Vulnerability Description
BookStack是BookStackApp(Bookstackapp)团队的一套开源的使用PHP和Laravel构建wiki文档的平台。 BookStack 存在安全漏洞,该漏洞源于在0.30.5版本之前的BookStack中,拥有编辑页面权限的用户可以在导出系统中设置特定的图像URL的to操作功能,这将允许他们发出服务器端请求,或者访问书架文件存储位置内更大范围的文件。这个问题在BookStack v0.30.5中得到了解决。作为一种解决办法,页面编辑权限可以限制为只有那些信任,直到您可以升级。
CVSS Information
N/A
Vulnerability Type
N/A