
CVE-2023-6199: CWE-918 Server-Side Request Forgery (SSRF) in BookStack BookStack

Severity: Medium
Tags: Vulnerability, CVE-2023-6199, CWE-918
Published: Mon Nov 20 2023 (11/20/2023, 22:21:04 UTC)
Source: CVE
Vendor/Project: BookStack
Product: BookStack

Description

Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.

AI-Powered Analysis

AI analysis last updated: 07/04/2025, 15:11:02 UTC

Technical Analysis

CVE-2023-6199 is a Server-Side Request Forgery (SSRF) vulnerability in BookStack version 23.10.2, a popular open-source platform for creating documentation and wikis. The vulnerability arises because the application allows filtering of local files on the server through a feature that is improperly secured, so an attacker can craft requests that cause the server itself to make unintended HTTP or network requests. SSRF vulnerabilities typically let an attacker interact with internal systems that are otherwise unreachable from outside, potentially exposing sensitive information or internal services. In this case the vulnerability specifically enables filtering of local files, which could allow an attacker to read sensitive files on the server or interact with internal network resources.

The CVSS v3.1 base score is 6.5 (medium severity). The vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N) and no availability impact (A:N). In other words, an attacker with some level of access (low privileges) can exploit the vulnerability remotely without user interaction to read confidential data, but cannot modify data or disrupt availability.

No known exploits are currently reported in the wild, and no official patches or mitigations have been linked yet. The vulnerability is classified under CWE-918, which covers SSRF issues in which the server is tricked into making unintended requests. Because BookStack is a documentation platform, exploitation could expose internal documentation, configuration files, or other sensitive data stored on the server or reachable via internal networks.

Potential Impact

For European organizations using BookStack 23.10.2, this vulnerability poses a significant risk to the confidentiality of internal documentation and potentially sensitive configuration files. Since BookStack is often used for internal knowledge bases, an attacker exploiting this SSRF could reach internal network resources that are otherwise protected by firewalls, leading to information disclosure or reconnaissance for further attacks. The medium severity score reflects that, while the vulnerability does not allow direct modification or denial of service, the confidentiality impact can be substantial, especially where sensitive business or personal data is stored. European organizations subject to strict data protection regulations such as GDPR could face compliance consequences if personal data is exposed. Access to internal APIs or the ability to map the internal network could also facilitate lateral movement. The absence of known exploits in the wild reduces the immediate risk but does not eliminate it, as exploits may be developed later. Organizations relying on BookStack for critical documentation should treat this vulnerability as a remediation priority to prevent data breaches or internal network compromise.

Mitigation Recommendations

1. Upgrade BookStack to a version where this vulnerability is patched once an official fix is released. Monitor the vendor's announcements closely.
2. Until a patch is available, restrict access to the BookStack instance to trusted internal users only, preferably via VPN or secure network segments, to reduce exposure to external attackers.
3. Implement network-level controls such as firewall rules or web application firewalls (WAFs) to block suspicious outbound requests from the BookStack server, limiting its ability to make arbitrary network calls.
4. Conduct an internal audit of the BookStack deployment to identify sensitive files or data that could be exposed and apply additional access controls or encryption where possible.
5. Monitor logs for unusual request patterns or unexpected internal network access initiated by the BookStack server.
6. Employ network segmentation to isolate the BookStack server from critical internal systems to minimize impact if exploited.
7. Educate administrators and users about the risks of SSRF and ensure that any user inputs that influence server requests are validated and sanitized.
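Recommendation 7 asks that user input which steers a server-side request be validated before the server follows it. The check below is an added illustration written for this page (it is not BookStack code; BookStack itself is a PHP application, and the function and hostnames here are constructed). It rejects the two things the SSRF class described above relies on: non-HTTP schemes such as file:// (reading local files) and targets that resolve to loopback, private or link-local addresses (reaching internal services). The resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web schemes may be fetched on the user's behalf; file://, gopher://,
# dict:// and similar are refused outright.
ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal_address(addr):
    """True for loopback, private, link-local, multicast, reserved or unspecified ranges."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolver=resolve_all):
    """Return (ok, reason) for a user-influenced URL the server is about to request."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        # IP literals are judged directly; names go through the resolver.
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError) as exc:
            return False, f"unresolvable host: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    # Every resolved address must be external: a name that returns one public
    # and one internal address is rejected rather than partially trusted.
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"host resolves to internal address {addr}"
    return True, "ok"
```

Note that a check like this is only a mitigation for user-influenced fetches; it does not replace the vendor fix, and it must run at request time, after DNS resolution, to avoid rebinding between check and fetch.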


Technical Details

Data Version: 5.1
Assigner Short Name: Fluid Attacks
Date Reserved: 2023-11-18T08:49:55.083Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb7f9

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/4/2025, 3:11:02 PM

Last updated: 8/17/2025, 11:40:37 PM
