Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2021-3991 - Vulnerability Database

Medium
Reference: CVE-2021-3991
Title: Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability
Overview:

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.