Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/63710 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: odoo
Published: 2020-12-22T16:25:38
Updated: 2020-12-22T16:25:38
Reserved: 2019-05-06T00:00:00
Link: CVE-2019-11785
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-22T17:15:13.393
Modified: 2021-10-28T16:18:03.107
Link: CVE-2019-11785
JSON object: View
Redhat Information
No data.