27761 – odoo security issue CVE-2019-11780

Bug 27761 - odoo security issue CVE-2019-11780

Summary: odoo security issue CVE-2019-11780

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-12-06 15:41 CET by Zombie Ryushu
Modified:	2020-12-06 17:28 CET (History)
CC List:	0 users

See Also:
Source RPM:	odoo-11.0-0.20190112.3.mga8.src
CVE:	CVE-2019-11780
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2020-12-06 15:41:53 CET

Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation.

Zombie Ryushu 2020-12-06 15:42:10 CET

CVE: (none) => CVE-2019-11780
QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 David Walser 2020-12-06 17:28:07 CET

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11780
https://github.com/odoo/odoo/issues/42196

Only 13.0 is affected, ours is too old.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.