CVE-2024-31503

high

Description

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

References

https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md

Details

Source: Mitre, NVD

Published: 2024-04-17

Updated: 2024-04-17

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics