CVE-2019-11785

Name of the Vulnerable Software and Affected Versions Odoo Community versions 13.0 and earlier Odoo Enterprise versions 13.0 and earlier

Description The issue is related to improper access control in the mail module (followers) of Odoo Community and Odoo Enterprise. This allows remote authenticated users to obtain access to messages posted on business records they were not given access to, and subscribe to receive future messages.

Recommendations For Odoo Community versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. For Odoo Enterprise versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. As a temporary workaround, consider restricting access to the mail module (followers) to minimize the risk of exploitation.