PT-2019-9066 · Odoo · Odoo Community+1

Nils Hamerlinck · Published 2019-06-28 · Updated 2020-08-24 · CVE-2018-14868

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Odoo Community version 9.0
Odoo Enterprise version 9.0

Description

The issue is related to incorrect access control in the Password Encryption module, allowing authenticated users to change the password of other users without knowing their current password via a crafted RPC call.

Recommendations

For Odoo Community version 9.0, update the Password Encryption module to enforce proper access control.
For Odoo Enterprise version 9.0, update the Password Encryption module to enforce proper access control.
As a temporary workaround, consider restricting access to the Password Encryption module until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2018-14868

Affected products

Odoo Community
Odoo Enterprise