cvelist/2019/11xxx/CVE-2019-11780.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-11780",
        "ASSIGNER": "security@odoo.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Odoo Community",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "13.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Odoo Enterprise",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "13.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Odoo"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Swapnesh Shah"
        }
    ],
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-284 Improper Access Control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://github.com/odoo/odoo/issues/42196",
                "name": "https://github.com/odoo/odoo/issues/42196"
            }
        ]
    },
    "source": {
        "advisory": "ODOO-SA-2019-10-25-1",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2019-05-06 18:00:50 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2019-11780",`
Odoo: ODOO-SA-2019-10-25 - CVE-2019-11780 2019-12-19 16:45:51 +01:00			`"ASSIGNER": "security@odoo.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2019-05-06 18:00:50 +00:00			`},`
Odoo: ODOO-SA-2019-10-25 - CVE-2019-11780 2019-12-19 16:45:51 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Odoo Community",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "13.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Odoo Enterprise",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "13.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Odoo"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Swapnesh Shah"`
			`}`
			`],`
"-Synchronized-Data." 2019-05-06 18:00:50 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Odoo: ODOO-SA-2019-10-25 - CVE-2019-11780 2019-12-19 16:45:51 +01:00			`"value": "Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation."`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 8.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-284 Improper Access Control"`
			`}`
			`]`
"-Synchronized-Data." 2019-05-06 18:00:50 +00:00			`}`
			`]`
Odoo: ODOO-SA-2019-10-25 - CVE-2019-11780 2019-12-19 16:45:51 +01:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2019-12-19 16:01:07 +00:00			`"refsource": "MISC",`
			`"url": "https://github.com/odoo/odoo/issues/42196",`
			`"name": "https://github.com/odoo/odoo/issues/42196"`
Odoo: ODOO-SA-2019-10-25 - CVE-2019-11780 2019-12-19 16:45:51 +01:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ODOO-SA-2019-10-25-1",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2019-05-06 18:00:50 +00:00			`}`
"-Synchronized-Data." 2019-12-19 16:01:07 +00:00			`}`