CVE-2019-11780

Name of the Vulnerable Software and Affected Versions Odoo Community version 13.0 Odoo Enterprise version 13.0

Description The issue is related to improper access control in the computed fields system of the Odoo framework, allowing remote authenticated attackers to access sensitive information via crafted RPC requests. This could lead to privilege escalation. The vulnerability is also associated with errors in processing unsaved computed fields on behalf of the superuser, which can be exploited by a remote attacker to elevate their privileges in the target system by sending specially crafted RPC requests.

Recommendations For Odoo Community version 13.0, update to a version that includes a fix for the improper access control issue in the computed fields system. For Odoo Enterprise version 13.0, update to a version that includes a fix for the improper access control issue in the computed fields system. As a temporary workaround, consider restricting access to the computed fields system to minimize the risk of exploitation.