8.8
CVE-2020-11825
- EPSS 0.99%
- Veröffentlicht 16.04.2020 19:15:27
- Zuletzt bearbeitet 21.11.2024 04:58:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dolibarr ≫ Dolibarr Erp/crm Version10.0.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.578 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html