Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/63709 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Oct 2021, 16:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
Information
Published : 2020-12-22 17:15
Updated : 2024-02-04 21:23
NVD link : CVE-2019-11784
Mitre link : CVE-2019-11784
CVE.ORG link : CVE-2019-11784
JSON object : View
Products Affected
odoo
- odoo