CVE-2019-11780
First published: Thu Dec 19 2019(Updated: )
Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation.
Credit: security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =13.0 | |
| Odoo Odoo | =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-11780.
What is the severity of CVE-2019-11780?
The severity of CVE-2019-11780 is high with a severity value of 8.1.
What is affected by CVE-2019-11780?
Odoo Community 13.0 and Odoo Enterprise 13.0 are affected by CVE-2019-11780.
How does CVE-2019-11780 allow attackers to access sensitive information?
CVE-2019-11780 allows remote authenticated attackers to access sensitive information via crafted RPC requests.
Is privilege escalation possible with CVE-2019-11780?
Yes, privilege escalation is possible with CVE-2019-11780.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/13.0