Improper Authorization Vulnerability in Dolibarr
CVE-2021-3991
4.3 MEDIUM
Key Information:
- Vendor: Dolibarr
- Status
- Dolibarr/dolibarr
- Vendor
- CVE Published: 15 November 2024
Summary
An improper authorization issue exists in Dolibarr, which impacts user permissions within the reception section. Users who are normally restricted from accessing certain reception details can exploit this vulnerability by navigating directly to specific URLs, effectively bypassing the intended security measures. This unintended access could lead to unauthorized visibility of sensitive information, posing a risk to data integrity and privacy for users of the Dolibarr ERP & CRM software.
Affected Version(s)
dolibarr/dolibarr < unspecified
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved