Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
CVE-2023-4198

6.5MEDIUM

Key Information:

Vendor

Dolibarr

Status
Dolibarr Erp Crm
Vendor
CVE Published:
1 November 2023

What is CVE-2023-4198?

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

Affected Version(s)

Dolibarr ERP CRM 0 <= 17.0.3

References

https://starlabs.sg/advisories/23/23-4198
third-party-advisory
https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade9...
patch

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Poh Jia Hao (@Chocologicall) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
.