BIT-dolibarr-2020-11825

Import Source
https://github.com/bitnami/vulndb/tree/main/data/dolibarr/BIT-dolibarr-2020-11825.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-dolibarr-2020-11825
Aliases
Published
2025-04-03T14:04:17.710Z
Modified
2025-04-03T15:27:03.949919Z
Summary
[none]
Details

In Dolibarr 10.0.6, forms are protected against CSRF attacks with a CSRF token. The problem is that any CSRF token from any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / dolibarr

Package

Name
dolibarr
Purl
pkg:bitnami/dolibarr

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
10.0.6
Last affected
10.0.6