CVE-2020-13240: Incorrect Default Permissions

May 20, 2020 (updated July 21, 2021)

The DMS/ECM module in Dolibarr allows users with the ‘Setup documents directories’ permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.

References

nvd.nist.gov/vuln/detail/CVE-2020-13240

Code Behaviors & Features

Detect and mitigate CVE-2020-13240 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →