{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T06:24:35.705","vulnerabilities":[{"cve":{"id":"CVE-2020-26260","sourceIdentifier":"security-advisories@github.com","published":"2020-12-09T17:15:30.477","lastModified":"2024-11-21T05:19:41.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade."},{"lang":"es","value":"BookStack es una plataforma para almacenar y organizar información y documentación. En BookStack versiones anteriores a 0.30.5, un usuario con permisos para editar una página podía configurar determinadas URL de imagen para manipular la funcionalidad en el sistema de exportación, lo que podría permitir realizar peticiones del lado del servidor y/o tener acceso a un alcance más amplio de archivos dentro de las ubicaciones de almacenamiento de archivos de BookStack. El problema se abordó en BookStack versión v0.30.5. Como solución alternativa, los permisos de edición de página podrían limitarse solo a aquellos que son confiables hasta que pueda actualizar"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*","versionEndExcluding":"0.30.5","matchCriteriaId":"97847080-31E8-47BF-8E66-671D8DB7D28D"}]}]}],"references":[{"url":"https://bookstackapp.com/blog/beta-release-v0-30-5/","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://bookstackapp.com/blog/beta-release-v0-30-5/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/BookStackApp/BookStack/releases/tag/v0.30.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/BookStackApp/BookStack/security/advisories/GHSA-8wfc-w2r5-x7cr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}