Improper Access Control in Mail Module Allows Unauthorized Access and Subscription

Improper Access Control in Mail Module Allows Unauthorized Access and Subscription

CVE-2019-11785 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.

Learn more about our User Device Pen Test.