First published: Fri Nov 15 2024
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/dolibarr/dolibarr | <15.0.0 | 15.0.0 |
| Dolibarr ERP & CRM | <20.0.2 | |
CVE-2021-3991 has a medium severity rating due to improper authorization that can be exploited by a user with restricted permissions.
To fix CVE-2021-3991, upgrade Dolibarr to version 15.0.0 or later.
CVE-2021-3991 affects Dolibarr versions prior to the 'develop' branch and before version 15.0.0.
CVE-2021-3991 allows unauthorized users to access specific reception details, potentially exposing sensitive information.
Yes, a patch is available in Dolibarr version 15.0.0 and later, addressing the improper authorization issue.