CVE-2018-15640
Published 2019-04-09
Priority: P2 · 58 · high · CVSS 3.1: 8.8
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 7.92% (94.0th percentile)
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | odoo | — | — |
| odoo | odoo | 10.0 – 12.0 | — |
| odoo | odoo_enterprise | >= 10.0 < unspecified | unspecified |
| odoo | odoo_enterprise | unspecified – 12.0 | — |
Detection & IOCs (extracted from sources)
- Vulnerability affects Odoo Enterprise 10.0 through 12.0 (Helpdesk App); only Enterprise editions with the Helpdesk module enabled are in scope.
- Exploitation requires prior authentication; the attack vector is a crafted HTTP request to the Helpdesk App endpoint. No unauthenticated exploitation path is described in the available sources.
- The Debian security tracker classifies the scope as 'local' even though the NVD description refers to remote authenticated access; verify applicability against your own deployment model.
CVSS provenance
- NVD (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD (v3.0): 8.1 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (the v3.0 vector rates Availability as None, which accounts for the 0.7 difference from the v3.1 score)
- NVD (v2.0): 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C (labelled CRITICAL on this page; NVD's CVSS v2 rating bands top out at HIGH, as v2 has no Critical band)
- vendor_debian: 8.8, severity LOW (Debian's own severity rating, which does not follow the CVSS-derived HIGH)
Debian
vendor_debian · 2018 · CVSS 8.8
CVE-2018-15640 [HIGH]: odoo - Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
Scope: local
bullseye: resolved
sid: resolved
GHSA
GHSA-vhhx-5xpf-622g · ghsa_unreviewed · 2022-05-13 · CWE-863
CVE-2018-15640 [HIGH]: Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.