CVE-2024-31503 — HIGH (7.5)

Q: How severe is CVE-2024-31503?

CVE-2024-31503 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-31503?

Check the references section above for vendor advisories and patch information. Affected products include: Dolibarr Dolibarr Erp\/Crm.

Vulnerability Description

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Dolibarr	Dolibarr Erp\/Crm	< 19.0.1

Related Weaknesses (CWE)

CWE-284 CWE-352

References

https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.mdThird Party Advisory
https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.mdThird Party Advisory

FAQ

What is CVE-2024-31503?

CVE-2024-31503 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a cr...

How severe is CVE-2024-31503?

CVE-2024-31503 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-31503?

Check the references section above for vendor advisories and patch information. Affected products include: Dolibarr Dolibarr Erp\/Crm.