CVE-2022-0731Improper Access Control in Dolibarr

CWE-284Improper Access ControlCWE-639Authorization Bypass Through User-Controlled KeyCWE-863Incorrect Authorization5 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dolibarr DolibarrDolibarr ERP CRMDolibarr
Timeline
PublishedFeb 23
Latest updateFeb 24

Description

Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Packagistdolibarr/dolibarr< 16.0
CVEListV5dolibarr/dolibarr_dolibarrunspecified16.0

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

4
OSV
Improper Authorization in dolibarr/dolibarr2022-02-24
GHSA
Improper Authorization in dolibarr/dolibarr2022-02-24
CVEList
Improper Access Control (IDOR) in dolibarr/dolibarr2022-02-23
OSV
CVE-2022-0731: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 162022-02-23
CVE-2022-0731 — Improper Access Control in Dolibarr | cvebase