admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Odoo: ODOO-SA-2018-11-28

Browse Source 
- CVE-2018-15631
- CVE-2018-15635
- CVE-2018-15640
This commit is contained in:
Olivier Dony 2019-04-05 16:10:50 +02:00
parent 8a13170c4f
commit f7a2ebe2a5
No known key found for this signature in database
GPG Key ID: CD556E25E8A6D0D4
3 changed files with 264 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2018/15xxx/CVE-2018-15631.json
View File

@ -1,8 +1,43 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@odoo.com",
"ID": "CVE-2018-15631", "ID": "CVE-2018-15631",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Odoo Community",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "12.0"
}
]
}
},
{
"product_name": "Odoo Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Odoo"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +46,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/odoo/odoo/issues/32516"
}
]
},
"source": {
"advisory": "ODOO-SA-2018-11-28-3",
"discovery": "EXTERNAL"
}
} }

81
2018/15xxx/CVE-2018-15635.json
View File

@ -1,8 +1,43 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@odoo.com",
"ID": "CVE-2018-15635", "ID": "CVE-2018-15635",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Odoo Community",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "12.0"
}
]
}
},
{
"product_name": "Odoo Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Odoo"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +46,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/odoo/odoo/issues/32515"
}
]
},
"source": {
"advisory": "ODOO-SA-2018-11-28-2",
"discovery": "EXTERNAL"
}
} }

75
2018/15xxx/CVE-2018-15640.json
View File

@ -1,8 +1,37 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@odoo.com",
"DATE_PUBLIC": "2019-04-05T14:00:00.000Z",
"ID": "CVE-2018-15640", "ID": "CVE-2018-15640",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Odoo Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "12.0"
},
{
"version_affected": ">=",
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "Odoo"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +40,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/odoo/odoo/issues/32514"
}
]
},
"source": {
"advisory": "ODOO-SA-2018-11-28-1",
"discovery": "EXTERNAL"
}
} }