Lucene search

Ubuntu.comUB:CVE-2018-15645

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2018-15645

2020-12-2200:00:00

ubuntu.com

access control

message routing

odoo community

odoo enterprise

remote authenticated users

arbitrary records

crafted payloads

privilege escalation

cve-2018-15645

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.2%

JSON

Improper access control in message routing in Odoo Community 12.0 and
earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated
users to create arbitrary records via crafted payloads, which may allow
privilege escalation.

References

github.com/odoo/odoo/issues/63705

launchpad.net/bugs/cve/CVE-2018-15645

nvd.nist.gov/vuln/detail/CVE-2018-15645

security-tracker.debian.org/tracker/CVE-2018-15645

www.cve.org/CVERecord?id=CVE-2018-15645

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.2%

JSON

Related for UB:CVE-2018-15645