CVE-2018-15631
Published: 2019-04-09
Priority: P3 · 41 · medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS: 1.40% (69.1th percentile)
Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | odoo | — | — |
| odoo | odoo | <= 12.0 | — |
| odoo | odoo_community | unspecified – 12.0 | — |
| odoo | odoo_enterprise | unspecified – 12.0 | — |
CVSS provenance
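| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_debian | — | 6.5 | LOW | — |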
GHSA
GHSA-69pp-3rvf-3wvx: Improper access control in the Discuss App of Odoo Community 12
ghsa_unreviewed·2022-05-13
CVE-2018-15631 [MEDIUM] GHSA-69pp-3rvf-3wvx: Improper access control in the Discuss App of Odoo Community 12
Debian
CVE-2018-15631: odoo - Improper access control in the Discuss App of Odoo Community 12.0 and earlier, a...
vendor_debian·2018·CVSS 6.5
CVE-2018-15631 [MEDIUM] CVE-2018-15631: odoo - Improper access control in the Discuss App of Odoo Community 12.0 and earlier, a...
Scope: local
bullseye: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-04-09