Lucene search

[email protected]CVE-2023-33568

HistoryJun 13, 2023 - 3:15 p.m.

CVE-2023-33568

2023-06-1315:15:14

CWE-552

[email protected]

web.nvd.nist.gov

cve-2023-33568

dolibarr

unauthenticated attacker

database dump

sensitive information

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.506 Medium

EPSS

Percentile

97.5%

JSON

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.

Affected configurations

NVD

Node

dolibarrdolibarr_erp\/crmRange16.0.0–16.0.5

CPENameOperatorVersion
dolibarr:dolibarr_erp\/crmdolibarr dolibarr erp/crmlt16.0.5

CPE	Name	Operator	Version
dolibarr:dolibarr_erp\/crm	dolibarr dolibarr erp/crm	lt	16.0.5

References

github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7

github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e

www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471

www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1

www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.506 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2023-33568

veracode1 cvelist1 osv2 prion1 github1 ubuntucve1 nuclei1 nvd1