PT-2024-11006 · Dolibarr · Dolibarr
Published 2024-11-15 · Updated 2025-04-03 · CVE-2021-3991
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Dolibarr versions prior to the 'develop' branch
Dolibarr versions prior to 15.0.0
Dolibarr versions prior to 63cd063
Description
An Improper Authorization issue allows a user with restricted permissions in the 'Reception' section to access specific reception details by requesting their URL directly, bypassing the intended permission checks.
Recommendations
For versions prior to the 'develop' branch, update to the 'develop' branch or a newer version to mitigate the risk.
For versions prior to 15.0.0, update to version 15.0.0 or a newer version to resolve the issue.
For versions prior to 63cd063, update to version 63cd063 or a newer version to remediate the vulnerability.
As a temporary workaround, consider restricting direct URL access to reception details for users with restricted permissions in the 'Reception' section until a patch is available.
Fix
Improper Authorization · IDOR
Related Identifiers
Affected Products
Dolibarr