Lucene search

OdooCVELIST:CVE-2019-11786

HistoryDec 22, 2020 - 4:25 p.m.

CVE-2019-11786

2020-12-2216:25:38

CWE-284

odoo

www.cve.org

improper access control

remote authenticated users

translated terms

arbitrary content modification

odoo community

odoo enterprise

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements.

CNA Affected

[
  {
    "product": "Odoo Community",
    "vendor": "Odoo",
    "versions": [
      {
        "lessThanOrEqual": "13.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Odoo Enterprise",
    "vendor": "Odoo",
    "versions": [
      {
        "lessThanOrEqual": "13.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/odoo/odoo/issues/63711

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Related for CVELIST:CVE-2019-11786