CVE-2018-14867

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.
References
Link Resource
https://github.com/odoo/odoo/commits/master Third Party Advisory
https://github.com/odoo/odoo/issues/32503 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*

Information

Published : 2019-06-28 06:15

Updated : 2019-07-05 01:24


NVD link : CVE-2018-14867

Mitre link : CVE-2018-14867

Products Affected
No products.
CWE