CVE-2024-31503
Published: 2024-04-17
Priority: P4 · 34
CVSS 3.1: 7.5 (High) · CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L
EPSS: 0.26% (17.0th percentile)
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and earlier allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. The NVD vector records the preconditions: the attacker already holds high privileges (PR:H), the victim must interact with the crafted page (UI:R), attack complexity is high (AC:H), and scope is changed (S:C).
Affected
2 ranges (both rows describe the same software under two package names; the first range has no fix version recorded, the second gives 19.0.1 as the fixed release)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | 0 – 19.0.0 | — |
| dolibarr | dolibarr_erp_crm | < 19.0.1 | 19.0.1 |
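A practitioner's first question is whether a given install falls inside the range above. The following check is an added example, not part of the advisory or of the Dolibarr code base: it reads the version string from the `define('DOL_VERSION', ...)` that Dolibarr ships in `htdocs/filefunc.inc.php`, and compares it against the fixed release from the table. The sample file contents are constructed for the example; the pre-release ordering (a `-alpha`/`-beta` suffix sorts below its release) is an assumption, since the advisory only states the `< 19.0.1` range.

```python
import re
from typing import Optional, Tuple

# From the advisory's Affected table: everything below 19.0.1 is vulnerable.
FIXED_IN = "19.0.1"

# Dolibarr records its release in htdocs/filefunc.inc.php as
#   define('DOL_VERSION', '19.0.0');
# The regex deliberately does not match the guard "if (!defined('DOL_VERSION'))".
DOL_VERSION_RE = re.compile(r"define\(\s*'DOL_VERSION'\s*,\s*'([^']+)'\s*\)")

# Constructed excerpt in the shape of htdocs/filefunc.inc.php (not the real file).
SAMPLE_FILEFUNC = """<?php
if (!defined('DOL_VERSION')) {
	define('DOL_VERSION', '19.0.0');
}
"""


def extract_dol_version(php_source: str) -> Optional[str]:
    """Return the DOL_VERSION string from filefunc.inc.php, or None if absent."""
    m = DOL_VERSION_RE.search(php_source)
    return m.group(1) if m else None


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """'19.0.0' -> (19, 0, 0, 1); '20.0.0-alpha' -> (20, 0, 0, 0).

    The trailing flag is 0 for a pre-release and 1 for a release, so a
    pre-release orders below the release it precedes (assumption, see lead-in).
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Dolibarr version: {v!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_affected(version: str) -> bool:
    """True when the version lies in the advisory's vulnerable range (< 19.0.1)."""
    return parse_version(version) < parse_version(FIXED_IN)


def check_install(php_source: str) -> str:
    """One-line verdict for a filefunc.inc.php body, suitable for an inventory script."""
    v = extract_dol_version(php_source)
    if v is None:
        return "unknown: DOL_VERSION not found"
    if is_affected(v):
        return f"{v}: AFFECTED by CVE-2024-31503, upgrade to {FIXED_IN} or later"
    return f"{v}: not in the affected range"


if __name__ == "__main__":
    print(check_install(SAMPLE_FILEFUNC))
```

Run it against the real `htdocs/filefunc.inc.php` of each deployment (`check_install(open(path).read())`); a missing define is reported rather than silently treated as safe.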
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L |
| OSV | — | 7.5 | HIGH | — |
Advisories
| Source | Date | Title | Notes |
|---|---|---|---|
| OSV | 2024-04-17 | Dolibarr vulnerable to Cross-Site Request Forgery | HIGH |
| GHSA | 2024-04-17 | Dolibarr vulnerable to Cross-Site Request Forgery | HIGH, CWE-284 (Improper Access Control) |
| OSV (CVE record) | 2024-04-17 | CVE-2024-31503: Incorrect access control in Dolibarr ERP CRM versions 19 | HIGH, CVSS 7.5 |
All three entries carry the same description as the summary above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.