Impact
A user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations.
Patches
The issue was addressed in BookStack v0.30.5.
Workarounds
Page edit permissions could be limited to only those that are trusted until you can upgrade.
References
Attribution
- Thanks to @PercussiveElbow for the responsible discovery & reporting of this vulnerability.
For more information
If you have any questions or comments about this advisory:
Impact
A user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations.
Patches
The issue was addressed in BookStack v0.30.5.
Workarounds
Page edit permissions could be limited to only those that are trusted until you can upgrade.
References
Attribution
For more information
If you have any questions or comments about this advisory: