CVE 2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
See the
CVE page on Mitre.org
for more details.