Lucene search

Ubuntu.comUB:CVE-2019-11786

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2019-11786

2020-12-2200:00:00

ubuntu.com

access control

odoo community

odoo enterprise

remote users

translated terms

content modification

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

37.0%

JSON

Improper access control in Odoo Community 13.0 and earlier and Odoo
Enterprise 13.0 and earlier, allows remote authenticated users to modify
translated terms, which may lead to arbitrary content modification on
translatable elements.

References

github.com/odoo/odoo/issues/63711

launchpad.net/bugs/cve/CVE-2019-11786

nvd.nist.gov/vuln/detail/CVE-2019-11786

security-tracker.debian.org/tracker/CVE-2019-11786

www.cve.org/CVERecord?id=CVE-2019-11786

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

37.0%

JSON

Related for UB:CVE-2019-11786