CVE-2023-4198: Dolibarr Improper Input Validation vulnerability

November 1, 2023 (updated November 8, 2023)

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

References

github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb
github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb
github.com/advisories/GHSA-48v2-596x-4jr9
nvd.nist.gov/vuln/detail/CVE-2023-4198
starlabs.sg/advisories/23/23-4198

Code Behaviors & Features

Detect and mitigate CVE-2023-4198 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →