CVE-2021-4119

9.8 CRITICAL

📋 TL;DR

CVE-2021-4119 is an improper access control vulnerability in BookStack that allows unauthenticated attackers to bypass authentication and gain administrative privileges. This affects all BookStack instances with default configurations. Attackers can fully compromise the application and access/modify all content.

💻 Affected Systems

Products:
  • BookStack
Versions: All versions before v21.12.2
Operating Systems: All platforms running BookStack
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to read, modify, or delete all documentation, inject malicious content, and potentially pivot to other systems.

🟠 Likely Case: Unauthenticated attackers gain administrative access to the BookStack instance, enabling them to steal sensitive documentation, modify content, or deploy backdoors.

🟢 If Mitigated: With proper network segmentation and access controls, impact is limited to the BookStack application only.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable by any attacker without authentication.
🏢 Internal Only: HIGH - Internal instances are vulnerable to any internal attacker or compromised internal system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation can trigger the vulnerability. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v21.12.2 and later

Vendor Advisory: https://github.com/bookstackapp/bookstack/security/advisories/GHSA-9xwj-8wq9-9w8w

Restart Required: Yes

Instructions:

1. Back up your BookStack instance and database.
2. Update to BookStack v21.12.2 or later via git pull or package update.
3. Clear the application cache: php artisan cache:clear
4. Restart the web server and PHP-FPM services.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all platforms)

Restrict network access to BookStack to trusted IP addresses only.

Web Server Authentication (applies to: linux)

Implement basic authentication at the web server level (nginx/apache).

🧯 If You Can't Patch

  • Take BookStack instance offline immediately
  • Implement strict network segmentation and firewall rules to limit access

🔍 How to Verify

Check if Vulnerable:

Check BookStack version via admin panel or by examining the application files. Versions before v21.12.2 are vulnerable.

Check Version:

grep -r "version.*=.*" app/Version.php | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+"

Verify Fix Applied:

Confirm the running version is v21.12.2 or later, and verify that authentication bypass attempts now fail.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated requests to admin endpoints
  • Multiple failed login attempts followed by successful admin access
  • Unusual user agent strings or IP addresses accessing sensitive endpoints

Network Indicators:

  • HTTP requests with manipulated authentication headers
  • Requests to /settings or /admin endpoints from unauthenticated sources

SIEM Query:

source="bookstack" AND (uri_path="/settings" OR uri_path="/admin") AND http_status=200 AND auth_status="unauthenticated"
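As an added illustration (not code from this page or from BookStack), the same condition as the SIEM query above applied to log lines; the sample lines are constructed, and their layout plus the session=yes/no field are assumptions standing in for whatever your web server log and session cookie actually provide.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified access-log layout (not real BookStack logs):
# <ip> "<method> <path>" <status> session=<yes|no>
SAMPLE_LOG = """\
203.0.113.10 "GET /settings" 200 session=no
203.0.113.10 "POST /settings/users" 200 session=no
198.51.100.7 "GET /settings" 200 session=yes
198.51.100.7 "GET /books" 200 session=yes
203.0.113.10 "GET /login" 200 session=no
203.0.113.22 "GET /admin" 302 session=no
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) session=(?P<session>yes|no)$'
)

# Paths that should only ever answer 200 to an authenticated session.
SENSITIVE_PREFIXES = ("/settings", "/admin")


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["authenticated"] = rec["session"] == "yes"
    return rec


def flag_unauth_admin_hits(log_text):
    """Return {ip: [paths]} for 200 responses on sensitive paths with no session.

    A 302 redirect to the login page is the expected, benign outcome for an
    unauthenticated request and is deliberately not flagged.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["path"].startswith(SENSITIVE_PREFIXES)
                and rec["status"] == 200
                and not rec["authenticated"]):
            hits[rec["ip"]].append(rec["path"])
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in flag_unauth_admin_hits(SAMPLE_LOG).items():
        print(f"ALERT {ip}: unauthenticated 200 on {paths}")
```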
