CVE-2022-0731
Published 2022-02-23
CVE-2022-0731: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
Priority: P4 · 33 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.00% (58.3th percentile)
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 16.0 | 16.0 |
| dolibarr | dolibarr_dolibarr | >= unspecified < 16.0 | 16.0 |
| dolibarr | dolibarr_erp_crm | < 16.0.0 | 16.0.0 |
CVSS provenance
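| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |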
OSV
Improper Authorization in dolibarr/dolibarr
osv·2022-02-24
CVE-2022-0731 [MEDIUM] Improper Authorization in dolibarr/dolibarr
Dolibarr allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accounting and more.
GHSA
Improper Authorization in dolibarr/dolibarr
ghsa·2022-02-24
CVE-2022-0731 [MEDIUM] CWE-639 Improper Authorization in dolibarr/dolibarr
Dolibarr allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accounting and more.
OSV
CVE-2022-0731: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16
osv·2022-02-23·CVSS 6.5
CVE-2022-0731 [MEDIUM] CVE-2022-0731: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-23: Published