CVE-2018-15631

Опубликовано: 09 апр. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request.

Ссылки

https://github.com/odoo/odoo/issues/32516
Patch
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/
Third Party Advisory
https://github.com/odoo/odoo/issues/32516
Patch
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-15631/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*

Версия до 12.0 (включая)

cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*

Версия до 12.0 (включая)

EPSS

Процентиль: 43%

0.00211

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-15631

CVSS3: 6.5

debian

почти 7 лет назад

Improper access control in the Discuss App of Odoo Community 12.0 and ...

GHSA-69pp-3rvf-3wvx

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 43%

0.00211

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-noinfo