Moderate severityNVD Advisory· Published Nov 1, 2023· Updated Sep 5, 2024
Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
CVE-2023-4198
Description
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | < 18.0.0 | 18.0.0 |
Affected products
3- osv-coords2 versions
<= 17.0.3+ 1 more
- (no CPE)range: <= 17.0.3
- (no CPE)range: < 18.0.0
Patches
Vulnerability mechanics
References
5- github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cbghsapatchWEB
- github.com/advisories/GHSA-48v2-596x-4jr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4198ghsaADVISORY
- starlabs.sg/advisories/23/23-4198ghsathird-party-advisoryWEB
- github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cbghsaWEB
News mentions
0No linked articles in our index yet.