Stephane Bidoul

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 11.0 and earlier Odoo Enterprise versions 11.0 and earlier **Description** The issue concerns the module-description renderer, which fails to disable RST's local file inclusion. This allows privileged authenticated users to read local files by crafting a module description. **Recommendations** For Odoo Community versions 11.0 and earlier, update to a version that fixes this issue. For Odoo Enterprise versions 11.0 and earlier, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the module-description renderer to minimize the risk of exploitation.