CVE-2023-6199 MEDIUM

CVE-2023-6199: Book Stack v23.10.2 - LFR via Blind SSRF

Vendor Bookstack
Product BookStack
Weakness CWE-918 · SSRF
Published November 20, 2023
Last update May 19, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

BookStack version 23.10.2 allows local files on the server to be read (local file read, LFR). This is possible because the application is vulnerable to SSRF.

Key dates

02 Disclosure timeline

November 20, 2023 CVE published
May 19, 2025 Record updated