Improper Access Control in Mail Module Allows Unauthorized Subscription to Channels

Improper Access Control in Mail Module Allows Unauthorized Subscription to Channels

CVE-2019-11783 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

Learn more about our User Device Pen Test.