CVE-2021-25956
Severity: MEDIUM (CVSS 4.7)
Description
In the Dolibarr application, versions v3.3.beta1_20121221 through v13.0.2 grant admin-level users “Modify” access to change other users' details, but fail to check whether the new “Login” name already exists when a user's “Login” is renamed. This leads to a complete account takeover of the victim user, because the password of the existing user with the same login name is overwritten.
CVE Details
CVSS v3.1 score: 4.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 8/17/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
dolibarr:dolibarr
dolibarr:dolibarr_erp\/crm
Weaknesses (CWE)
CWE-284 (Improper Access Control)
References
https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee (vulnerabilitylab@mend.io)
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956 (vulnerabilitylab@mend.io)
https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee (af854a3a-2127-422b-91ae-364da2661108)
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.