Dolibarr sensitive information disclosure · CVE-2017-17898 · GitHub Advisory Database · GitHub

Dolibarr sensitive information disclosure

High severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Apr 24, 2024

Package

dolibarr/dolibarr (Composer)

Affected versions

<= 6.0.4

Patched versions

6.0.5

Description

Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.

References

Published by the National Vulnerability Database

Dec 27, 2017

Published to the GitHub Advisory Database May 14, 2022

Reviewed Apr 24, 2024

Last updated Apr 24, 2024

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N