Описание
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.0.1 (исключая)
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00057
Низкий
7.5 High
CVSS3
Дефекты
CWE-352
CWE-284
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 2 года назад
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
CVSS3: 7.5
debian
почти 2 года назад
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...
CVSS3: 7.5
github
почти 2 года назад
Dolibarr vulnerable to Cross-Site Request Forgery
EPSS
Процентиль: 18%
0.00057
Низкий
7.5 High
CVSS3
Дефекты
CWE-352
CWE-284