BIT-dolibarr-2020-11825

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/dolibarr/BIT-dolibarr-2020-11825.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-dolibarr-2020-11825

Aliases

CVE-2020-11825
GHSA-m66x-wm27-xxpc

Published

2025-04-03T14:04:17.710Z

Modified

2025-04-03T15:27:03.949919Z

Summary

[none]

Details

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Database specific

{
    "cpes": [
        "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html
https://nvd.nist.gov/vuln/detail/CVE-2020-11825

Affected packages

Bitnami / dolibarr

Package

Name: dolibarr
Purl: pkg:bitnami/dolibarr

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

10.0.6

Last affected

10.0.6