*** This bug is a security vulnerability ***
Public security bug reported:
To reproduce:
* create a new user, with only access as HR Employee.
* login and go to the HR module, Employees option: as expected, you inly see
the public tab.
* change to Tree view, select dome records and export them. You will be able to
choose private fields, such as Home Address, Birth Date or Bank Account.
* Export the data, and you will have the personal information in a spreasheet
** Affects: openobject-addons
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1206802
Title:
[7.0] Employee personal information is publicly accessible
Status in OpenERP Addons (modules):
New
Bug description:
To reproduce:
* create a new user, with only access as HR Employee.
* login and go to the HR module, Employees option: as expected, you inly see
the public tab.
* change to Tree view, select dome records and export them. You will be able
to choose private fields, such as Home Address, Birth Date or Bank Account.
* Export the data, and you will have the personal information in a spreasheet
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1206802/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~openerp-india
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openerp-india
More help : https://help.launchpad.net/ListHelp
