CVE-2023-33568

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Ссылки

https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
Patch
https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
Patch
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
Mitigation
Vendor Advisory
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
Mitigation
Vendor Advisory
https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
Exploit
Third Party Advisory
https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
Patch
https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
Patch
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
Mitigation
Vendor Advisory
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
Mitigation
Vendor Advisory
https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*

Версия от 16.0.0 (включая) до 16.0.5 (исключая)

EPSS

Процентиль: 100%

0.8984

Высокий

7.5 High

CVSS3

Дефекты

CWE-552

Связанные уязвимости

CVE-2023-33568

CVSS3: 7.5

ubuntu

больше 2 лет назад

CVE-2023-33568

CVSS3: 7.5

debian

больше 2 лет назад

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers ...

GHSA-fpvg-m786-h5vr

CVSS3: 7.5

github

больше 2 лет назад

Dolibarr vulnerable to unauthenticated database access

EPSS

Процентиль: 100%

0.8984

Высокий

7.5 High

CVSS3

Дефекты

CWE-552