CVE-2023-4624

low-risk
Published 2023-08-30

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

Do I need to act?

-
0.52% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.4/10 Low
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Bookstackapp

References (4)

Vendor Advisory https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60e...
Exploit https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c
Vendor Advisory https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60e...
Exploit https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c
20
/ 100
low-risk
Severity 13/34 · Low
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal