CVE-2024-36676: BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.
References
- github.com/BookStackApp/BookStack
- github.com/BookStackApp/BookStack/commit/69af9e0dbdefd8c6c951e8afbe2bba141d454beb
- github.com/BookStackApp/BookStack/issues/4993
- github.com/BookStackApp/BookStack/releases/tag/v24.05.1
- github.com/advisories/GHSA-pj36-fcrg-327j
- nvd.nist.gov/vuln/detail/CVE-2024-36676
- www.bookstackapp.com/blog/bookstack-release-v24-05-1
Code Behaviors & Features
Detect and mitigate CVE-2024-36676 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →