Incorrect access control in the TransientModel framework in Odoo Community 11.0 and previous versions and Odoo Enterprise 11.0 and previous versions allows authenticated malicious users to access data in transient records that they do not own by making an RPC call before garbage collection occurs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 9.0 |
||
odoo odoo 11.0 |
||
odoo odoo 10.0 |