The module-description renderer in Odoo Community 11.0 and previous versions and Odoo Enterprise 11.0 and previous versions does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 9.0 |
||
odoo odoo 10.0 |
||
odoo odoo 11.0 |