CVE-2021-44476 — Privilege Defined With Unsafe Actions in Odoo

CWE-267 — Privilege Defined With Unsafe Actions4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.5%

top 32.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Odoo Debian Odoo Odoo Community +1 more

Timeline

PublishedApr 25

Description

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages5 packages

▶CVEListV5odoo/odoo_community15.0

▶CVEListV5odoo/odoo_enterprise15.0

▶debiandebian/odoo< odoo 14.0.0+dfsg.2-7+deb11u1 (bullseye)

▶Debianodoo/odoo< 14.0.0+dfsg.2-7+deb11u1

▶NVDodoo/odoo15.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9pr4-h436-c9w9: A sandboxing issue in Odoo Community 15↗2023-04-25

▶

OSV

CVE-2021-44476: A sandboxing issue in Odoo Community 15↗2023-04-25

▶

📋Vendor Advisories

Debian

CVE-2021-44476: odoo - A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 a...↗2021

▶