ssddanbrown/bookstack does not properly validate users' access. The permission service allows users to obtain unauthorized access to the API, enabling them to view any attachment without having permission to do so.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ssddanbrown/bookstack | le | v0.24.1 |