CVE-2018-14886
Description
The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RSTs local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
Risk Information
Base Score
4.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.282
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Odoo 10.0 | Windows |
| Multiple Vulnerabilities are affected in Odoo 9.0 | Windows |
| Multiple Vulnerabilities are affected in Odoo 11.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234