Dolibarr Information Disclosure (CVE-2023-33568)
Description
Dolibarr is an open-source web-based ERP and CRM platform. CVE-2023-33568 is an authentication bypass that lets unauthenticated remote attackers read and extract the entire contacts database. Because no credentials are required, sensitive contact information is exposed to anyone who can reach the affected endpoints; Dolibarr versions prior to 16.0.5 are affected.
Remediation
Immediately upgrade Dolibarr to version 16.0.5 or later, which addresses this vulnerability. Follow these steps:
1. Back up your current Dolibarr installation and database
2. Download the latest patched version from the official Dolibarr website
3. Follow the official upgrade procedure documented at dolibarr.org
4. After upgrading, verify that unauthenticated access to contact endpoints is properly blocked
5. Review access logs for suspicious activity or unauthorized access to contact data that occurred before the patch was applied
6. Consider implementing additional access controls such as IP whitelisting or web application firewall (WAF) rules to restrict access to sensitive endpoints
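The log review in step 5 is easiest to do with a small triage script. The following is an added example, not code from this advisory or from the Dolibarr project: it parses Apache/nginx combined-format access log lines, keeps only requests to contact endpoints, and flags client IPs whose volume of successful (2xx) responses looks like bulk extraction rather than normal use. The URL prefixes, the thresholds and the log lines are all assumptions or constructed samples; adjust the prefixes to your installation path and to the endpoints touched by the vendor fix.

```python
"""
Added example: triage web-server access logs for bulk access to Dolibarr
contact endpoints (remediation step 5). Not part of the advisory or of
Dolibarr. Endpoint prefixes and thresholds are assumptions; log lines are
constructed samples.
"""
import re
from collections import Counter, defaultdict

# Assumption: URL prefixes that reach contact data on an installation served
# under /dolibarr/. Adjust to your deployment and to the endpoints the fix
# covers.
CONTACT_PATH_PREFIXES = (
    "/dolibarr/contact/",
    "/dolibarr/api/index.php/contacts",
)

# Apache/nginx "combined" format. It carries no session or cookie field, so
# the check is volume-based: one client pulling many successful responses
# from contact endpoints in a short window.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the parsed fields of one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # Drop the query string so card.php?id=42 still matches the prefix.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def is_contact_request(path):
    """True when the request path falls under a contact endpoint prefix."""
    return path.startswith(CONTACT_PATH_PREFIXES)


def summarize(lines):
    """Per client IP: successful (2xx) contact hits, bytes served, status mix."""
    per_ip = defaultdict(lambda: {"hits": 0, "bytes": 0, "statuses": Counter()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_contact_request(rec["path"]):
            continue
        entry = per_ip[rec["ip"]]
        entry["statuses"][rec["status"]] += 1
        if 200 <= rec["status"] < 300:
            entry["hits"] += 1
            entry["bytes"] += rec["size"]
    return dict(per_ip)


def flag_suspicious(summary, min_hits=20, min_bytes=500_000):
    """IPs whose successful contact-endpoint traffic exceeds either threshold."""
    return sorted(
        ip for ip, e in summary.items()
        if e["hits"] >= min_hits or e["bytes"] >= min_bytes
    )


# Constructed sample log: one ordinary user, one unrelated request, and one
# client that is denied on the API once and then pulls 25 contact cards.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2023:09:12:01 +0000] "GET /dolibarr/contact/card.php?id=42 HTTP/1.1" 200 12000 "-" "-"',
    '192.0.2.10 - - [10/Jun/2023:09:12:05 +0000] "GET /dolibarr/contact/card.php?id=43 HTTP/1.1" 200 11800 "-" "-"',
    '203.0.113.5 - - [10/Jun/2023:09:13:00 +0000] "GET /dolibarr/index.php HTTP/1.1" 200 5000 "-" "-"',
    '198.51.100.7 - - [10/Jun/2023:09:14:00 +0000] "GET /dolibarr/api/index.php/contacts HTTP/1.1" 401 300 "-" "-"',
] + [
    f'198.51.100.7 - - [10/Jun/2023:09:15:{i:02d} +0000] "GET /dolibarr/contact/card.php?id={i} HTTP/1.1" 200 48000 "-" "-"'
    for i in range(25)
]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in flag_suspicious(summary):
        e = summary[ip]
        print(f"{ip}: {e['hits']} successful contact requests, "
              f"{e['bytes']} bytes, statuses={dict(e['statuses'])}")
```

Run it against a real log with `summarize(open("access.log"))`; the thresholds are starting points, and a denied (401/403) request followed by many successful ones from the same client, as in the sample, is the pattern worth reading in full.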