In Dolibarr 10.0.6, forms are protected against CSRF attacks with a CSRF token. The problem is that any CSRF token from any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Advisories
Source | ID | Title
EUVD | EUVD-2022-4502 | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Github GHSA | GHSA-m66x-wm27-xxpc | Dolibarr Cross-Site Request Forgery Vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T11:41:59.816Z

Reserved: 2020-04-16T00:00:00

Link: CVE-2020-11825

Vulnrichment

No data.

NVD

Status: Modified

Published: 2020-04-16T19:15:27.637

Modified: 2024-11-21T04:58:42.580

Link: CVE-2020-11825

Redhat

No data.

OpenCVE Enrichment

No data.