CVE-2021-4119
15.12.2021, 20:15

bookstack is vulnerable to Improper Access Control

Enginsight

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdev | CNA | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE | ADP | ------

EPSS Score
Percentile: 79%

Vendor | Product | Version
bookstackapp | bookstack | 𝑥 ≤ 21.11.2

𝑥 = Vulnerable software versions

Known Exploits
https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca

Common Weakness Enumeration
CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References
https://github.com/bookstackapp/bookstack/commit/e765e618547c92f4e0b46caca6fb91f0174efd99
https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca