Lucene search

@huntrdevCVELIST:CVE-2021-3916

HistoryNov 05, 2021 - 2:50 p.m.

CVE-2021-3916 Path Traversal in bookstackapp/bookstack

2021-11-0514:50:19

CWE-22

@huntrdev

www.cve.org

cve-2021-3916

path traversal

improper limitation

restricted directory.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.8%

JSON

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CNA Affected

[
  {
    "product": "bookstackapp/bookstack",
    "vendor": "bookstackapp",
    "versions": [
      {
        "lessThan": "21.10.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b

huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.8%

JSON

Related for CVELIST:CVE-2021-3916