Lucene search

Ubuntu.comUB:CVE-2019-11781

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2019-11781

2020-12-2200:00:00

ubuntu.com

odoo community

odoo enterprise

input validation

remote attackers

account modification

crafted links

privilege escalation

portal component

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.8%

JSON

Improper input validation in portal component in Odoo Community 12.0 and
earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to
trick victims into modifying their account via crafted links, leading to
privilege escalation.

References

github.com/odoo/odoo/issues/63706

launchpad.net/bugs/cve/CVE-2019-11781

nvd.nist.gov/vuln/detail/CVE-2019-11781

security-tracker.debian.org/tracker/CVE-2019-11781

www.cve.org/CVERecord?id=CVE-2019-11781

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.8%

JSON

Related for UB:CVE-2019-11781