Lucene search

GitHub Advisory DatabaseGHSA-8QVX-F5GF-G43V

HistoryJan 12, 2022 - 10:54 p.m.

Logic error in dolibarr

2022-01-1222:54:50

CWE-20

CWE-1284

GitHub Advisory Database

github.com

dolibarr

input validation

price

business logic

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The application does not check the input of price number lead to Business Logic error through negative price amount.

Affected configurations

Vulners

Node

dolibarrdolibarrRange<15.0.0

VendorProductVersionCPE
dolibarrdolibarr*cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dolibarr	dolibarr	*	cpe:2.3:a:dolibarr:dolibarr::::::::

References

github.com/advisories/GHSA-8qvx-f5gf-g43v

github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32

huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db

nvd.nist.gov/vuln/detail/CVE-2022-0174

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for GHSA-8QVX-F5GF-G43V