CVE-2019-11782 MEDIUM

CVE-2019-11782

Vendor Odoo
Product Odoo Community
Weakness CWE-284
Published December 22, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.

Key dates

02Disclosure timeline

December 22, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0212 Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users) CVE-2025-24411 Adobe Commerce | Improper Access Control (CWE-284) CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate CVE-2023-1432 SourceCodester Online Food Ordering System POST Request access control CVE-2026-20929 Windows HTTP.sys Elevation of Privilege Vulnerability