Lucene search

[email protected]NVD:CVE-2023-33568

HistoryJun 13, 2023 - 3:15 p.m.

CVE-2023-33568

2023-06-1315:15:14

CWE-552

[email protected]

web.nvd.nist.gov

dolibarr 16

vulnerability

unauthenticated

database access

customer file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.569 Medium

EPSS

Percentile

97.7%

JSON

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.

Affected configurations

NVD

Node

dolibarrdolibarr_erp\/crmRange16.0.0–16.0.5

References

github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7

github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e

www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471

www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1

www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.569 Medium

EPSS

Percentile

97.7%

JSON

Related for NVD:CVE-2023-33568

osv2 nuclei1 cve1 veracode1 cvelist1 ubuntucve1 github1 prion1