Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/commits/master | Third Party Advisory |
https://github.com/odoo/odoo/issues/32503 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-28T17:37:45
Updated: 2019-06-28T17:37:45
Reserved: 2018-08-02T00:00:00
Link: CVE-2018-14867
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-28T18:15:10.410
Modified: 2019-07-05T13:24:30.603
Link: CVE-2018-14867
JSON object: View
Redhat Information
No data.
CWE