CVE-2017-10804

Published: 04 Jul 2017
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Low

Description

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*

EPSS

Percentile: 75%
0.00882
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-306

Related vulnerabilities

CVSS3: 9.8
debian
more than 8 years ago

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...

CVSS3: 9.8
github
more than 3 years ago

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
