CVE-2021-3991

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*

History

19 Nov 2024, 15:31

Type Values Removed Values Added
CWE CWE-639
CPE cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
First Time Dolibarr
Dolibarr dolibarr Erp\/crm
References () https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f - () https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f - Patch
References () https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 - () https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 - Third Party Advisory

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de autorización incorrecta en las versiones de Dolibarr anteriores a la rama "develop". Un usuario con permisos restringidos en la sección "Recepción" puede acceder a detalles específicos de la recepción a través del acceso directo a la URL, eludiendo las restricciones de permisos previstas.

15 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-15 11:15

Updated : 2024-11-19 15:31


NVD link : CVE-2021-3991

Mitre link : CVE-2021-3991

CVE.ORG link : CVE-2021-3991


JSON object : View

Products Affected

dolibarr

  • dolibarr_erp\/crm
CWE
CWE-639

Authorization Bypass Through User-Controlled Key

CWE-285

Improper Authorization