CVE-2019-11783

MEDIUM WAF: Low

CVSS 6.5 Published: 2020-12-22

CWE-862

Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

WAF Coverage Analysis

Missing Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Affected Software

Vendor	Product	Version
odoo	odoo	up to 14.0
odoo	odoo	up to 14.0

References

github.com (Third Party Advisory)

Back to CVE Database