Описание
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 48%
0.00254
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 6.5
debian
больше 6 лет назад
Incorrect access control in the mail templating system in Odoo Communi ...
github
больше 3 лет назад
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.
EPSS
Процентиль: 48%
0.00254
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732