Vulnerabilities > CVE-2019-11783 - Missing Authorization vulnerability in Odoo

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
odoo
CWE-862

Summary

Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

Vulnerable Configurations

Part Description Count
Application
Odoo
14

Common Weakness Enumeration (CWE)