CVE-2018-14886
First published: Fri Jun 28 2019(Updated: )
The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =11.0 | |
| Odoo Odoo | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-14886?
CVE-2018-14886 is a vulnerability in Odoo Community and Odoo Enterprise versions 9.0, 10.0, and 11.0 that allows privileged authenticated users to read local files.
How severe is CVE-2018-14886?
CVE-2018-14886 has a severity rating of 4.9 out of 10.
How does CVE-2018-14886 affect Odoo?
CVE-2018-14886 affects Odoo Community and Odoo Enterprise versions 9.0, 10.0, and 11.0.
How can I fix CVE-2018-14886?
To fix CVE-2018-14886, you need to update Odoo Community and Odoo Enterprise to a version where the vulnerability is patched.
Where can I find more information about CVE-2018-14886?
You can find more information about CVE-2018-14886 on the Odoo GitHub page and the corresponding issue.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0
- version/odoo odoo/10.0
- version/odoo odoo/11.0