It was found that authenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written.
Created trytond tracking bugs for this issue:
Affects: fedora-all [bug 1293283]
Affects: epel-all [bug 1293284]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.