Announcements 邮件列表存档


Odoo Security Advisory disclosure: ODOO-SA-2019-10-25

Olivier Dony (odo)
- 2019年12月19日 11时05分38秒
Public disclosure notification for Security Advisory ODOO-SA-2019-10-25

This advisory only impacts Odoo 13.0.

Please be sure that your Odoo 13 deployments are up-to-date. Follow the links at the end of the summary to read the detailed disclosure, including reference revision numbers and dates.
If you are unsure about the update process, please refer to our online instructions:

# Public disclosure
This is the public disclosure, which means the private disclosure took place earlier for Odoo Enterprise customers in self-hosting mode (or using third-party hosting services).

# Odoo Cloud users
If you are using one of the Odoo Cloud-hosted services (Odoo Online & Odoo.SH) there is nothing to do, these updates were automatically applied as soon as the corrections were available.


# ODOO-SA-2019-10-25-1 (CVE-2019-11780)
Severity :: High :: 8.1 :: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Improper access control in the computed fields system of the framework
of Odoo Community 13.0 and Odoo Enterprise 13.0 allowed remote authenticated
attackers to access sensitive information via crafted RPC requests,
which could lead to privilege escalation.