Mitch311

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP CRM versions prior to 23.0.2 **Description** Improper authorization exists in the Leave Request REST API component. The issue is located in the `checkUserAccessToObject()` function within the `htdocs/holiday/class/api holidays.class.php` file, which allows a remote attacker to bypass authorization controls. **Recommendations** Update to version 23.0.2. As a temporary mitigation, restrict access to the Leave Request REST API component.