CVE-2019-11785

Summary

Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.

Affected Software

VendorProductVersion RangeStatus
OdooOdoo Communityunspecified <= 13.0affected
OdooOdoo Enterpriseunspecified <= 13.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References