CVE-2018-15645

CVSS 8.1 HIGHEPSS 0.9%CWE-284

Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Produtos afetados

Odoo · Odoo Community Odoo · Odoo Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/odoo/odoo/issues/63705