PT-2019-9063 · Wkhtmltopdf+2 · Wkhtmltopdf+3

Nils Hamerlinck

Publicado

2019-04-26

Atualizado

2019-07-05

CVE-2018-14865

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Odoo Community versions 9.0 through 11.0 Odoo Enterprise versions 9.0 through 11.0

Description The report engine in Odoo does not use secure options when passing documents to wkhtmltopdf, allowing remote attackers to read local files.

Recommendations For Odoo Community versions 9.0 through 11.0, consider updating to a version that uses secure options when passing documents to wkhtmltopdf. For Odoo Enterprise versions 9.0 through 11.0, consider updating to a version that uses secure options when passing documents to wkhtmltopdf. As a temporary workaround, consider restricting access to the report engine until a secure version is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2019-1740

CVE-2018-14865

Produtos afetados

Alt Linux

Odoo Community

Odoo Enterprise

Wkhtmltopdf

PT-2019-9063 · Wkhtmltopdf+2 · Wkhtmltopdf+3

CVE-2018-14865

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5