CVE-2023-4198
Published 2023-11-01
CVE-2023-4198: Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Priority: P3 · 36 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.56% (42.1th percentile)
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 18.0.0 | 18.0.0 |
| dolibarr | dolibarr_erp_crm | <= 17.0.3 | — |
CVSS provenance
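| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |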
OSV
Dolibarr Improper Input Validation vulnerability
osv·2023-11-01
CVE-2023-4198 [MEDIUM] Dolibarr Improper Input Validation vulnerability
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
OSV
CVE-2023-4198: Improper Access Control in Dolibarr ERP CRM <= v17
osv·2023-11-01·CVSS 6.5
CVE-2023-4198 [MEDIUM] CVE-2023-4198: Improper Access Control in Dolibarr ERP CRM <= v17
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
GHSA
Dolibarr Improper Input Validation vulnerability
ghsa·2023-11-01
CVE-2023-4198 [MEDIUM] CWE-862 Dolibarr Improper Input Validation vulnerability
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b
https://starlabs.sg/advisories/23/23-4198
Published: 2023-11-01