UBUNTU-CVE-2020-11825

Source
https://ubuntu.com/security/CVE-2020-11825
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-11825.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-11825
Related
Published
2020-04-16T19:15:00Z
Modified
2025-01-13T10:22:11Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dolibarr

Package

Name
dolibarr
Purl
pkg:deb/ubuntu/dolibarr@3.5.8+dfsg1-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.5+dfsg1-2
3.5.7+dfsg1-1
3.5.8+dfsg1-1
3.5.8+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}