An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
References
Link | Resource |
---|---|
https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f | Patch |
https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 | Third Party Advisory |
Configurations
History
19 Nov 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 | |
CPE | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:* | |
First Time |
Dolibarr
Dolibarr dolibarr Erp\/crm |
|
References | () https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f - Patch | |
References | () https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 - Third Party Advisory |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Nov 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 11:15
Updated : 2024-11-19 15:31
NVD link : CVE-2021-3991
Mitre link : CVE-2021-3991
CVE.ORG link : CVE-2021-3991
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm