CVE-2024-31503Cross-Site Request Forgery in ERP CRM

CWE-352Cross-Site Request ForgeryCWE-284Improper Access Control5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 82.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dolibarr ERP CRMDolibarr
Timeline
PublishedApr 17

Description

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:LExploitability: 1.0 | Impact: 6.0

Affected Packages2 packages

Packagistdolibarr/dolibarr19.0.0

🔴Vulnerability Details

4
OSV
Dolibarr vulnerable to Cross-Site Request Forgery2024-04-17
GHSA
Dolibarr vulnerable to Cross-Site Request Forgery2024-04-17
OSV
CVE-2024-31503: Incorrect access control in Dolibarr ERP CRM versions 192024-04-17
CVEList
CVE-2024-31503: Incorrect access control in Dolibarr ERP CRM versions 192024-04-16
CVE-2024-31503 — Cross-Site Request Forgery in ERP CRM | cvebase