Bug 27761

Summary: odoo security issue CVE-2019-11780
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-11780
Whiteboard:
Source RPM: odoo-11.0-0.20190112.3.mga8.src CVE: CVE-2019-11780
Status comment:

Description Zombie Ryushu 2020-12-06 15:41:53 CET 
Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation.
Zombie Ryushu 2020-12-06 15:42:10 CET

CVE: (none) => CVE-2019-11780
QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 David Walser 2020-12-06 17:28:07 CET 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11780
https://github.com/odoo/odoo/issues/42196

Only 13.0 is affected, ours is too old.

Status: NEW => RESOLVED
Resolution: (none) => INVALID