cbcvebase.
CVE-2021-3991
published 2024-11-15

CVE-2021-3991: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception'…

PriorityP422medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
EPSS
0.31%
22.5th percentile
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

Affected

3 ranges
VendorProductVersion rangeFixed in
dolibarrdolibarr>= 0 < 15.0.015.0.0
dolibarrdolibarr_dolibarr>= unspecified < developdevelop
dolibarrdolibarr_erp_crm< 20.0.220.0.2

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.