CVE Catalog

CVE-2023-4624

LowCVSS 2.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile — higher than 41% of all known CVEs

Summary

There is a Server-Side Request Forgery (SSRF) vulnerability in the GitHub repository bookstackapp/bookstack prior to version 23.08. This allows attackers to send requests to internal server services, potentially leading to the exposure of sensitive information.

Risk Assessment

This vulnerability could lead to serious security breaches, including data exposure or takeover of internal services. Organizations should be aware of the risks associated with unauthorized access to server resources.

Recommendation

It is recommended to upgrade to version 23.08 or later to mitigate this vulnerability. Additionally, conducting a security audit of the application to identify potential threats is advisable.

Original NVD description (English source)

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS