CVE-2019-11785 MEDIUM

CVE-2019-11785

Vendor Odoo

Product Odoo Community

Weakness CWE-284

Published December 22, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.

Key dates

02Disclosure timeline

December 22, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11785

Related vulnerabilities

Identifiers

CVE CVE-2019-11785

CWE CWE-284

CVSS 6.5 / MEDIUM

Affected versions

Vendor Odoo

Product Odoo Community

Affected ≥ unspecified and ≤ 13.0

Vendor Odoo

Product Odoo Enterprise

Affected ≥ unspecified and ≤ 13.0

CVE-2019-11785

01Description

02Disclosure timeline

03References

04Related CVE