Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2024-31503
History: Apr 17, 2024 - 12:00 a.m.

CVE-2024-31503

Tags: incorrect access control, dolibarr erp crm, authenticated attackers, session cookies, csrf tokens, account takeover

AI Score: 7.1 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before
allows authenticated attackers to steal victim users' session cookies and
CSRF protection tokens via user interaction with a crafted web page,
leading to account takeover.

OS      Version  Architecture  Package   Version  Filename
ubuntu  16.04    noarch        dolibarr  < any    UNKNOWN
