PT-2017-18905 · Odoo · Odoo
Karim Boukabbouz
+1
·
Published
2017-06-03
·
Updated
2017-06-08
·
CVE-2017-9416
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Odoo versions 8.0 through 10.0
Description
The issue allows remote authenticated users to read arbitrary local files readable by the Odoo service due to a directory traversal vulnerability in
tools.file open.Recommendations
For Odoo versions 8.0 through 10.0, update to a version that contains a fix for this issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Odoo