CVE-2017-10803
Published 2017-07-04
Priority: P339, medium, 6.5 (CVSS 3.0)
AV:L / AC:L / PR:H / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.59% (88.0th percentile)
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | odoo | — | — |
| odoo | odoo | — | — |
| odoo | odoo | — | — |
| odoo | odoo | — | — |
CVSS provenance
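| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| vendor_debian | — | 6.5 | LOW | — |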
Debian
CVE-2017-10803: odoo - In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9....
vendor_debian·2017·CVSS 6.5
CVE-2017-10803 [MEDIUM]
Scope: local
bullseye: resolved
sid: resolved
GHSA
GHSA-wm9r-8vrh-fgpv: In Odoo 8
ghsa_unreviewed·2022-05-13
CVE-2017-10803 [HIGH] CWE-502