Candidate: CVE-2019-11780
PublicDate: 2019-12-19 16:16:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11780
 https://github.com/odoo/odoo/issues/42196
Description:
 Improper access control in the computed fields system of the framework of
 Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated
 attackers to access sensitive information via crafted RPC requests, which
 could lead to privilege escalation.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N [8.1 HIGH]


Patches_oca-core:
 upstream: https://github.com/odoo/odoo/commit/843fd38a97f02b49dc09d7f55919072d272fd80e
upstream_oca-core: needs-triage
precise/esm_oca-core: DNE
trusty_oca-core: ignored (out of standard support)
trusty/esm_oca-core: DNE
xenial_oca-core: DNE
bionic_oca-core: DNE
disco_oca-core: ignored (reached end-of-life)
eoan_oca-core: ignored (reached end-of-life)
focal_oca-core: needs-triage
groovy_oca-core: DNE
hirsute_oca-core: DNE
impish_oca-core: DNE
jammy_oca-core: DNE
devel_oca-core: DNE