CVE-2018-14886

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
References
Link Resource
https://github.com/odoo/odoo/commits/master Third Party Advisory
https://github.com/odoo/odoo/issues/32513 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*

Information

Published : 2019-06-28 06:15

Updated : 2020-08-24 05:37


NVD link : CVE-2018-14886

Mitre link : CVE-2018-14886

Products Affected
No products.
CWE