CVE-2017-10804

Sažetak

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.

Reference

http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3
https://github.com/odoo/odoo/issues/17914
https://github.com/psycopg/psycopg2/issues/420

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-07-2017 - 19:04

Objavljeno

04-07-2017 - 18:29