CVE-2018-14865: Infoleak
First published: Wed Jul 03 2019(Updated: )
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =11.0 | |
| Odoo Odoo | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-14865.
What is the severity level of CVE-2018-14865?
The severity level of CVE-2018-14865 is medium (6.5).
Which software versions are affected by CVE-2018-14865?
Odoo Community 9.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 are affected by CVE-2018-14865.
How does CVE-2018-14865 allow remote attackers to read local files?
CVE-2018-14865 allows remote attackers to read local files by not using secure options when passing documents to wkhtmltopdf in the report engine of Odoo.
Is there a fix available for CVE-2018-14865?
Yes, a fix is available for CVE-2018-14865. Please refer to the provided reference link for more information.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0
- version/odoo odoo/10.0
- version/odoo odoo/11.0