Odoo · Odoo Community · CVE-2018-14886
**Name of the Vulnerable Software and Affected Versions**
Odoo Community versions 11.0 and earlier
Odoo Enterprise versions 11.0 and earlier
**Description**
The issue concerns the module-description renderer, which fails to disable RST's local file inclusion. This allows privileged authenticated users to read local files by crafting a module description.
**Recommendations**
For Odoo Community versions 11.0 and earlier, update to a version that fixes this issue.
For Odoo Enterprise versions 11.0 and earlier, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the module-description renderer to minimize the risk of exploitation.