CVE-2024-36676 Information

Description

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public-facing forms.

Reference

https://github.com/BookStackApp/BookStack/issues/4993
https://www.bookstackapp.com/blog/bookstack-release-v24-05-1/
https://github.com/BookStackApp/BookStack/releases/tag/v24.05.1
