CVE-2020-11825

Name of the Vulnerable Software and Affected Versions Dolibarr version 10.0.6

Description The issue arises from the fact that any Cross-Site Request Forgery (CSRF) token in any user's session can be used in another user's session. Normally, CSRF tokens should be unique to each user's session and not be valid when used across different sessions. This flaw allows for potential CSRF attacks, as an attacker could use a token from one session to perform unauthorized actions in another user's session.

Recommendations For Dolibarr version 10.0.6, as a temporary workaround, consider implementing additional validation to ensure CSRF tokens are tied to the user's session, restricting the use of tokens across different sessions until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.