openerp-india team mailing list archive

[Daniel Reis <1206802@xxxxxxxxxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

To reproduce:
* create a new user, with only access as HR Employee.
* login and go to the HR module, Employees option: as expected, you inly see the public tab.
* change to Tree view, select dome records and export them. You will be able to choose private fields, such as Home Address, Birth Date or Bank Account.
* Export the data, and you will have the personal information in a spreasheet

** Affects: openobject-addons
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1206802

Title:
  [7.0] Employee personal  information is publicly accessible

Status in OpenERP Addons (modules):
  New

Bug description:
  To reproduce:
  * create a new user, with only access as HR Employee.
  * login and go to the HR module, Employees option: as expected, you inly see the public tab.
  * change to Tree view, select dome records and export them. You will be able to choose private fields, such as Home Address, Birth Date or Bank Account.
  * Export the data, and you will have the personal information in a spreasheet

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1206802/+subscriptions