Veracode Vulnerability Database: VERACODE:46504
History: Apr 18, 2024 - 7:05 a.m.

Session Hijacking

2024-04-18 07:05:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
dolibarr
session hijacking
user session management
csrf protection
account takeover

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

dolibarr/dolibarr is vulnerable to Session Hijacking. The vulnerability is due to inadequate user session management, allowing authenticated attackers to hijack victim users’ session cookies and gain access to the CSRF protection tokens through interaction with a malicious web page, consequently leading to account takeover.
