Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dolibarr/dolibarr(Packagist) | N/A | N/A | N/A |
CVSS Metrics
