Improper Authorization in dolibarr/dolibarr
Moderate severity
GitHub Reviewed
Published
Nov 15, 2024
to the GitHub Advisory Database
•
Updated Nov 19, 2024
Description
Published by the National Vulnerability Database
Nov 15, 2024
Published to the GitHub Advisory Database
Nov 15, 2024
Reviewed
Nov 15, 2024
Last updated
Nov 19, 2024
An Improper Authorization vulnerability exists in Dolibarr versions prior to version 15.0.0. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
References