Published: 16 Apr 2020
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 6.8
CVSS3: 8.8
Description
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
EPSS: 0.00197 (Low), percentile: 42%
CVSS2: 6.8 Medium
CVSS3: 8.8 High
Related vulnerabilities
CVSS3: 8.8
nvd
almost 6 years ago
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
CVSS3: 8.8
debian
almost 6 years ago
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...
CVSS3: 8.8
github
more than 3 years ago
Dolibarr Cross-Site Request Forgery Vulnerability