CVE-2021-25954 - Incorrect Authorization vulnerability in Dolibarr
CVSS metrics
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE
Summary
In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note, which only an administrator has the right to edit; the affected field is at the “/adherents/note.php?id=1” endpoint.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/Dolibarr/dolibarr/commit/8cc100012d46282799fb19f735a53b7101569377
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25954