First published: Mon Aug 09 2021(Updated: )
In the Dolibarr application, versions 2.8.1 through 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note field of a member record, an action that should be limited to administrators. The affected field is served by the “/adherents/note.php?id=1” endpoint (the “id” parameter selects the member record; the report uses id=1 as its example). The authorization failure is server-side: hiding the edit control in the UI does not stop a user who submits the request directly.
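The access-control failure described above, as an added illustrative example and not Dolibarr's own code: a handler that only checks the caller's right to view members before writing the private note, beside one that enforces the edit right on the state-changing request itself. The User and Member classes, the permission flags, the handler names and the constructed low-privileged account are assumptions made for the demo.

```python
"""Broken versus enforced access control on a member's private note.

Illustrative example only, not Dolibarr's code. The User and Member classes,
the permission flags and the handler signatures are assumptions made for the
demo; the point is where the authorization check has to live."""
from dataclasses import dataclass
from typing import Callable


@dataclass
class User:
    login: str
    admin: bool = False            # assumed: site administrator
    member_read: bool = False      # assumed low privilege: may view member records


@dataclass
class Member:
    id: int
    note_private: str = ""         # the field only administrators should edit


class Forbidden(Exception):
    """Raised when the caller lacks the right needed for the action."""


Handler = Callable[[User, Member, str], None]


def can_edit_private_note(user: User) -> bool:
    """Single authoritative decision: only administrators edit private notes."""
    return user.admin


def set_private_note_vulnerable(user: User, member: Member, text: str) -> None:
    """Vulnerable pattern: the edit link is hidden from non-admins in the UI,
    but the request handler only checks that the caller may *view* members
    and then writes the field. Anyone who can reach the endpoint can modify."""
    if not (user.member_read or user.admin):
        raise Forbidden("cannot view members")
    member.note_private = text     # missing: no check on the *edit* right


def set_private_note_fixed(user: User, member: Member, text: str) -> None:
    """Fixed pattern: the edit right is enforced on the state-changing request
    itself, independent of what the UI showed the user."""
    if not can_edit_private_note(user):
        raise Forbidden("editing the private note requires administrator rights")
    member.note_private = text


def low_privileged_user_can_modify(handler: Handler) -> bool:
    """Check a handler the way a tester checks the endpoint: submit a write as
    a low-privileged account and see whether the stored value changed."""
    member = Member(id=1, note_private="original")
    attacker = User("member_user", member_read=True)   # constructed low-priv account
    try:
        handler(attacker, member, "tampered by low-privileged user")
    except Forbidden:
        pass
    return member.note_private != "original"


def admin_can_modify(handler: Handler) -> bool:
    """Regression check: the fix must not lock administrators out."""
    member = Member(id=1, note_private="original")
    admin = User("root", admin=True)
    handler(admin, member, "updated by admin")
    return member.note_private == "updated by admin"


if __name__ == "__main__":
    for name, handler in (("vulnerable", set_private_note_vulnerable),
                          ("fixed", set_private_note_fixed)):
        print(f"{name}: low-privileged write accepted = "
              f"{low_privileged_user_can_modify(handler)}, "
              f"admin write accepted = {admin_can_modify(handler)}")
```

The same two-account check (one administrator, one account with only read rights on members) is how to confirm an upgrade actually closed the hole: a write to the private note from the low-privileged session must be refused, and the administrator's write must still land.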
Credit: vulnerabilitylab@mend.io
Affected Software | Affected Version | How to fix
---|---|---
Dolibarr Dolibarr | >=2.8.1, <=13.0.4 | Update to 14.0.0
The vulnerability ID is CVE-2021-25954.
The title of the vulnerability is 'In “Dolibarr” application 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource.'
The affected software is Dolibarr version 2.8.1 to 13.0.4.
The severity of CVE-2021-25954 is medium, with a CVSS base score of 4.3.
A low-privileged attacker can modify the Private Note field of a member record in Dolibarr, a field that should be editable only by administrators; the check is missing on the server-side request, so the fix is to upgrade to 14.0.0 rather than to hide the control in the UI.