PT-2024-24124 · Unknown · Dolibarr ERP/CRM
Arthur Valverde M +1
Published 2024-04-16 · Updated 2025-06-14
CVE-2024-31503
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Dolibarr ERP CRM, versions 19.0.0 and earlier
Description
Incorrect access control in Dolibarr ERP CRM allows an authenticated attacker to steal a victim user's session cookie and CSRF protection token when the victim interacts with a crafted web page. With both values in hand the attacker can act as the victim, leading to account takeover. The CVSS vector reflects this: the attacker already needs high privileges (PR:H) and the victim must interact with the crafted page (UI:R), but a successful attack crosses into the victim's account (S:C).
Recommendations
For versions 19.0.0 and earlier, update to a release in which the vendor has fixed this access control issue so that session cookies and CSRF tokens can no longer be obtained this way.
Until the update is applied, advise users, especially those with elevated Dolibarr privileges, not to follow untrusted links or open untrusted pages while logged in to Dolibarr, since exploitation requires the victim to interact with an attacker-controlled page while holding a valid session.
Tags: Improper Access Control, CSRF
Affected Products
Dolibarr ERP/CRM