PT-2017-11515 · Psycopg+1 · Psycopg+1
Benkuhn
·
Publicado
2017-07-04
·
Atualizado
2017-07-12
·
CVE-2017-10804
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Odoo versions 8.0, 9.0, and 10.0
Odoo Community Edition versions 9.0 and 10.0
Odoo Enterprise Edition versions 9.0 and 10.0
Description
The issue allows remote attackers to bypass authentication under certain circumstances. This happens because parameters containing 0x00 characters are truncated before reaching the database layer due to the use of Psycopg 2.x before 2.6.3.
Recommendations
For Odoo versions 8.0, 9.0, and 10.0, consider updating Psycopg to version 2.6.3 or later to prevent parameter truncation.
For Odoo Community Edition versions 9.0 and 10.0, update Psycopg to version 2.6.3 or later.
For Odoo Enterprise Edition versions 9.0 and 10.0, update Psycopg to version 2.6.3 or later.
Exploit
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Odoo
Psycopg