CVE-2021-23166
Published: 2023-04-25
Priority P3 · 43 · high · CVSS 3.1: 8.7
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.64% (46.2th percentile)
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | odoo | < odoo 14.0.0+dfsg.2-7+deb11u1 (bullseye) | odoo 14.0.0+dfsg.2-7+deb11u1 (bullseye) |
| odoo | odoo | <= 15.0 | — |
| odoo | odoo | >= 0 < 14.0.0+dfsg.2-7+deb11u1 | 14.0.0+dfsg.2-7+deb11u1 |
| odoo | odoo_community | <= 15.0 | — |
| odoo | odoo_enterprise | <= 15.0 | — |
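CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
| nvd | v3.0 | 8.7 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
| osv | | 8.7 | HIGH | |
| vendor_debian | | 8.7 | HIGH | |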
Debian
CVE-2021-23166: odoo - A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 a...
vendor_debian·2021·CVSS 8.7
CVE-2021-23166 [HIGH] CVE-2021-23166: odoo - A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 a...
Scope: local
bullseye: resolved (fixed in 14.0.0+dfsg.2-7+deb11u1)
sid: resolved (fixed in 16.0.0+dfsg.1-1)
OSV
CVE-2021-23166: A sandboxing issue in Odoo Community 15
osv·2023-04-25·CVSS 8.7
CVE-2021-23166 [HIGH] CVE-2021-23166: A sandboxing issue in Odoo Community 15
GHSA
GHSA-7pm2-436m-jff6: A sandboxing issue in Odoo Community 15
ghsa_unreviewed·2023-04-25
CVE-2021-23166 [HIGH] CWE-267 GHSA-7pm2-436m-jff6: A sandboxing issue in Odoo Community 15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-25
Published