GHSA-6ppg-rgrg-f573

Source

https://github.com/advisories/GHSA-6ppg-rgrg-f573

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-6ppg-rgrg-f573/GHSA-6ppg-rgrg-f573.json

Aliases

CVE-2024-31503

Published

2024-04-17T00:30:57Z

Modified

2024-04-17T18:41:53.592601Z

Summary

Dolibarr vulnerable to Cross-Site Request Forgery

Details

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

References

Affected packages

Packagist / dolibarr/dolibarr

Package

Name: dolibarr/dolibarr

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

19.0.0

Affected versions

3.*

3.6.0-beta

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0-beta

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

3.9.0-rc

3.9.0-rc2

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

4.*

4.0.0-beta

4.0.0-rc

4.0.0-rc2

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

5.*

5.0.0-beta

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

6.*

6.0.0-beta

6.0.0-rc

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

9.*

9.0.0

9.0.1

9.0.2

9.0.3

9.0.4

10.*

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.0.5

10.0.6

10.0.7

11.*

11.0.0

11.0.1

11.0.2

11.0.3

11.0.4

11.0.5

12.*

12.0.0

12.0.1

12.0.2

12.0.3

12.0.4

12.0.5

13.*

13.0.0

13.0.1

13.0.2

13.0.3

13.0.4

13.0.5

14.*

14.0.0

14.0.1

14.0.2

14.0.3

14.0.4

14.0.5

15.*

15.0.0

15.0.1

15.0.2

15.0.3