
Restricted pages, sat within chapters, accessible without permission in certain circumstances

Moderate
ssddanbrown published GHSA-9g92-rjqm-pjj5 Dec 17, 2020

Package

BookStack

Affected versions

< v0.30.6

Patched versions

v0.30.6

Description

Impact

If a chapter was visible to a user, but all of its pages were made not visible, then the details of these pages could still be visible to that user. Within the BookStack interface, the names of the pages and preview content could be seen. If the parent book was exported, then this would include the content of the pages that had been restricted.

Patches

This has been patched in v0.30.6.

Workarounds

Please update. As a temporary workaround you could ensure that there is at least one other page within a chapter that's visible to users.

References

Attribution

A big thanks to @cdrfun for discovering and reporting this issue.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs