CVE-2020-11825
Dolibarr Cross-Site Request Forgery Vulnerability
CVSS 3.1: 8.8 (HIGH)
EPSS: 0.20%
Description
In Dolibarr 10.0.6, forms are protected against Cross-Site Request Forgery (CSRF) by a CSRF token. The problem is that a CSRF token issued in any user's session is accepted in any other user's session, so a token obtained in one session can be used to forge requests in another. A CSRF token should only be valid in the session that issued it.
How to fix CVE-2020-11825
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below. Neither affected package entry lists a fixed version.
Is CVE-2020-11825 being exploited?
Low. The EPSS score is 0.2%, a low estimated probability of exploitation in the wild; exploitation activity has not been observed at scale.
Affected packages (2)
- >= 10.0.6, <= 10.0.6
- from 0, <= 10.0.6
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |