Description
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Remediation
References