CVE-2018-15645

EUVD-2018-7516
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
odooCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
odooodoo
𝑥
≤ 12.0
odooodoo
𝑥
≤ 12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
odoo
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
sid
17.0.0+dfsg3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
odoo
bionic
dne
focal
dne
groovy
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/odoo/odoo/issues/63705
https://github.com/odoo/odoo/issues/63705