Skip to main content

Bookstack CVE-2021-3944

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2021-12-02 security@huntr.dev
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 02, 2021 - 17:15 nvd
MEDIUM 6.8

DescriptionNVD

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)

AnalysisAI

bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Affected products include: Bookstackapp Bookstack.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2021-4119 CRITICAL POC
9.8 Dec 15

bookstack is vulnerable to Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2020-26210 HIGH POC
8.7 Nov 03

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execut

CVE-2023-6199 MEDIUM POC
6.5 Nov 20

Book Stack version 23.10.2 allows filtering local files on the server. Rated medium severity (CVSS 6.5), this vulnerabil

CVE-2021-3916 MEDIUM POC
6.5 Nov 05

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium

CVE-2021-3906 MEDIUM POC
6.5 Oct 27

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulne

CVE-2021-3874 MEDIUM POC
6.5 Oct 15

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium

CVE-2021-3758 MEDIUM POC
6.5 Sep 02

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is r

CVE-2021-3915 MEDIUM POC
5.7 Nov 13

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulne

CVE-2022-0877 MEDIUM POC
5.4 Mar 08

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. Rated medium severity

CVE-2021-3768 MEDIUM POC
5.4 Sep 06

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated m

CVE-2021-3767 MEDIUM POC
5.4 Sep 06

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated m

CVE-2020-5256 HIGH
8.8 Mar 09

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions,

Share

CVE-2021-3944 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy