Announcements archivos de la lista de correo

announcements@mail.odoo.com

Avatar

Odoo Security Advisory disclosure: ODOO-SA-2019-10-25

por
Olivier Dony (odo)
- 19/12/2019 11:05:38
Public disclosure notification for Security Advisory ODOO-SA-2019-10-25

This advisory only impacts Odoo 13.0.

Please be sure that your Odoo 13 deployments are up-to-date. Follow the links at the end of the summary to read the detailed disclosure, including reference revision numbers and dates.
If you are unsure about the update process, please refer to our online instructions: https://www.odoo.com/documentation/13.0/setup/update.html

# Public disclosure
This is the public disclosure, which means the private disclosure took place earlier for Odoo Enterprise customers in self-hosting mode (or using third-party hosting services).

# Odoo Cloud users
If you are using one of the Odoo Cloud-hosted services (Odoo Online & Odoo.SH) there is nothing to do, these updates were automatically applied as soon as the corrections were available.

~~~

# ODOO-SA-2019-10-25-1 (CVE-2019-11780)
Severity :: High :: 8.1 :: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Improper access control in the computed fields system of the framework
of Odoo Community 13.0 and Odoo Enterprise 13.0 allowed remote authenticated
attackers to access sensitive information via crafted RPC requests,
which could lead to privilege escalation.