CVE-2021-3991
Published 2024-11-15
CVE-2021-3991: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception'…
Priority P4 · 22 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:N / A:N
EPSS: 0.31% (22.5th percentile)
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 15.0.0 | 15.0.0 |
| dolibarr | dolibarr_dolibarr | >= unspecified < develop | develop |
| dolibarr | dolibarr_erp_crm | < 20.0.2 | 20.0.2 |
CVSS provenance
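| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| osv | | 4.3 | MEDIUM | |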
OSV
Improper Authorization in dolibarr/dolibarr
osv·2024-11-15
CVE-2021-3991 [MEDIUM] Improper Authorization in dolibarr/dolibarr
An Improper Authorization vulnerability exists in Dolibarr versions prior to version 15.0.0. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
OSV
CVE-2021-3991: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch
osv·2024-11-15·CVSS 4.3
CVE-2021-3991 [MEDIUM] CVE-2021-3991: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
GHSA
Improper Authorization in dolibarr/dolibarr
ghsa·2024-11-15
CVE-2021-3991 [MEDIUM] CWE-285 Improper Authorization in dolibarr/dolibarr
An Improper Authorization vulnerability exists in Dolibarr versions prior to version 15.0.0. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-15