CVE-2020-11825

HIGH8.8EPSS 0.20%

Dolibarr Cross-Site Request Forgery Vulnerability

發布日:2022/5/24修改日:2025/4/3

也稱為:GHSA-m66x-wm27-xxpcBIT-dolibarr-2020-11825

描述

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

受影響套件(2)

Bitnami/dolibarr>= 10.0.6, <= 10.0.6
Packagist/dolibarr/dolibarrfrom 0, <= 10.0.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-11825
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html