CVE-2021-3991

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f Patch
https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
History

19 Nov 2024, 15:31

Type Values Removed Values Added
References () https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f - () https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f - Patch
References () https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 - () https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 - Third Party Advisory
First Time Dolibarr
Dolibarr dolibarr Erp\/crm
CPE cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
CWE CWE-639

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de autorización incorrecta en las versiones de Dolibarr anteriores a la rama "develop". Un usuario con permisos restringidos en la sección "Recepción" puede acceder a detalles específicos de la recepción a través del acceso directo a la URL, eludiendo las restricciones de permisos previstas.

15 Nov 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-15 11:15

Updated : 2024-11-19 15:31

NVD link : CVE-2021-3991

Mitre link : CVE-2021-3991

CVE.ORG link : CVE-2021-3991

JSON object : View

Products Affected

dolibarr

  • dolibarr_erp\/crm
CWE
CWE-639

Authorization Bypass Through User-Controlled Key

CWE-285

Improper Authorization


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024