CVE-2020-11825: Cross-Site Request Forgery (CSRF)

April 16, 2020 (updated April 20, 2020)

In Dolibarr, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user’s session can be used in another user’s session. CSRF tokens should not be valid in this situation.

References

nvd.nist.gov/vuln/detail/CVE-2020-11825

Code Behaviors & Features

Detect and mitigate CVE-2020-11825 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →