CVE-2018-14886

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
References
Link Resource
https://github.com/odoo/odoo/commits/master Third Party Advisory
https://github.com/odoo/odoo/issues/32513 Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*

Information

Published : 2019-06-28 11:15

Updated : 2020-08-24 10:37


NVD link : CVE-2018-14886

Mitre link : CVE-2018-14886


JSON object : View

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

dedicated server usa

Products Affected

odoo

  • odoo