Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00eGM3LXgyanItY3I3NM0uNA

Improper Authorization in dolibarr/dolibarr

Dolibarr allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accounting and more.

Permalink: https://github.com/advisories/GHSA-4xc7-x2jr-cr74
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00eGM3LXgyanItY3I3NM0uNA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-4xc7-x2jr-cr74, CVE-2022-0731
References:

Repository: https://github.com/dolibarr/dolibarr
Blast Radius: 5.1

Affected Packages

packagist:dolibarr/dolibarr

Dependent packages: 0
Dependent repositories: 6
Downloads: 4,982 total
Affected Version Ranges: < 16.0
Fixed in: 16.0
All affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 15.0.0, 15.0.1, 15.0.2, 15.0.3
All unaffected versions: