In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Improper Access Control in “Dolibarr” | Improper Access Control in “Dolibarr” |
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2021-08-09T16:58:31.962736Z
Updated: 2024-09-17T00:31:24.945Z
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25954
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-09T17:15:07.307
Modified: 2024-11-21T05:55:40.020
Link: CVE-2021-25954
Redhat
No data.