CVE-2022-0731 — Improper Authorization in dolibarr/dolibarr

Description

Dolibarr allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accounting and more.

How to fix CVE-2022-0731

To remediate CVE-2022-0731, upgrade the affected package to a fixed version below.

—upgrade to 16.0.0 or later
—upgrade to 16.0 or later

Is CVE-2022-0731 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 16.0.0
from 0, < 16.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0731
PATCHgithub.com/dolibarr/dolibarr
WEBgithub.com/dolibarr/dolibarr/commit/209ab708d4b65fbd88ba4340d60b7822cb72651a
WEBhuntr.dev/bounties/e242ab4e-fc70-4b2c-a42d-5b3ee4895de8