External risk intelligence

Dolibarr ERP CRM REST API Cross-Site Scripting Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.6)

CVE-2023-38888

The vulnerability affects an ERP/CRM software product's REST API module. Enterprise resource planning and customer relationship management systems are commonly deployed as web-accessible services to facilitate remote access, integration, and business operations, making the API surface a likely target for internet-based interaction.

Cross-site Scripting

Dolibarr Erp\/crm

17.0.1 and earlier

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical security flaw has been identified in the Dolibarr ERP CRM system. This vulnerability, related to the REST API module, could allow unauthorized remote access, potentially leading to the exposure of sensitive information and the execution of malicious code. Given the nature of ERP/CRM systems, understanding the relevance and exposure of this issue is paramount for leadership.

  • Cross-site scripting allows remote code execution.
  • Affects critical business system APIs.
  • Confirm relevance and exposure of this critical flaw.

Attack Path

How an attacker could exploit the issue

A remote attacker could reach a vulnerable component by interacting with the REST API module of Dolibarr ERP CRM. This interaction, specifically through certain functions within the module, can lead to sensitive information disclosure and arbitrary code execution.

  • Publicly accessible API endpoint is entry point.
  • Malicious input to REST API triggers vulnerability.
  • Sensitive data exposure and code execution is risk.

Live Threat

Current exploitation, exposure, and threat context

A cross-site scripting vulnerability in the REST API module of Dolibarr ERP CRM could allow an unauthenticated remote attacker to access sensitive information and execute arbitrary code. This could occur when a user interacts with a specially crafted request via the affected module.

  • Sensitive information and code execution.
  • Via crafted REST API requests.
  • Compromise of system integrity and data.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical Cross-Site Scripting vulnerability in Dolibarr ERP CRM affects the REST API module and requires immediate attention from teams managing the application and its infrastructure. The first practical step is to locate all instances of the affected Dolibarr versions, determine their exposure and business criticality, identify the accountable owner, and then plan remediation based on the assessed risk.

  • Application owners should manage the remediation.
  • Verify external REST API accessibility first.
  • Plan updates during the next maintenance window.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Dolibarr ERP CRM?

Dolibarr ERP CRM is a modular software suite designed to manage business processes such as enterprise resource planning and customer relationship management. It is widely used by organizations to handle internal data and business operations, and it often provides a REST API module to allow other applications or services to integrate with it programmatically.

How does this CVE-2023-38888 vulnerability work?

This issue is classified as a Cross-Site Scripting (CWE-79) vulnerability. In this context, it means the REST API module fails to properly sanitize input before processing it. An attacker can supply malicious scripts that the system then executes, potentially allowing them to bypass security controls to steal sensitive information or run unauthorized commands on the server.

What triggers the vulnerability in Dolibarr?

The flaw is triggered when an attacker sends a specially crafted request to the REST API module. It relies on improper handling of input within specific internal functions like those responsible for analyzing variable injections. Simply navigating the standard user interface or viewing pages without interacting with the vulnerable API endpoints will not trigger this specific vulnerability.

Is my Dolibarr instance at risk?

According to Halo Surface Signal, this vulnerability is considered a likely target because ERP and CRM systems are frequently exposed to the internet to support remote business operations. If your instance is internet-facing, the REST API is accessible to remote attackers. Systems restricted to internal, private networks face a lower risk of external exploitation.

How should I respond to this vulnerability?

First, identify all deployed instances of Dolibarr ERP CRM running version 17.0.1 or earlier. Verify which of these instances have the REST API module enabled and determine if they are reachable from the internet. Once you have an inventory, coordinate with the application owners to assess the business impact and schedule the necessary updates to patch the software.