CVE-2021-3991 MEDIUM

CVE-2021-3991: Improper Authorization in dolibarr/dolibarr

Vendor Dolibarr
Product dolibarr/dolibarr
Weakness CWE-285
Published November 15, 2024
Last update November 15, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

Key dates

02 Disclosure timeline

November 15, 2024 CVE published
November 15, 2024 Record updated