CVE-2019-11782 — Improper Access Control in Odoo

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation6 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Odoo Apache Subversion Debian Odoo +2 more

Timeline

PublishedDec 22

Latest updateMay 26

Description

Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5odoo/odoo_communityunspecified — 14.0

▶CVEListV5odoo/odoo_enterpriseunspecified — 14.0

▶debiandebian/odoo< odoo 14.0.0+dfsg.2-1 (bullseye)

▶Debianodoo/odoo< 14.0.0+dfsg.2-1

▶NVDodoo/odoo14.0

🔴Vulnerability Details

OSV

subversion vulnerabilities↗2022-05-26

▶

GHSA

GHSA-xxrm-mm6r-v5x3: Improper access control in Odoo Community 14↗2022-05-24

▶

OSV

CVE-2019-11782: Improper access control in Odoo Community 14↗2020-12-22

▶

OSV

subversion vulnerabilities↗2019-07-31

▶

📋Vendor Advisories

Debian

CVE-2019-11782: odoo - Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 1...↗2019

▶