CVE-2021-44547Privilege Defined With Unsafe Actions in Odoo

CWE-267Privilege Defined With Unsafe Actions4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 42.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
OdooOdoo CommunityOdoo Enterprise+1 more
Timeline
PublishedApr 25

Description

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

CVEListV5odoo/odoo_community15.0
CVEListV5odoo/odoo_enterprise15.0
NVDodoo/odoo15.0
debiandebian/odoo

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-6pv9-8vp3-8q9q: A sandboxing issue in Odoo Community 152023-04-25
OSV
CVE-2021-44547: A sandboxing issue in Odoo Community 152023-04-25

📋Vendor Advisories

1
Debian
CVE-2021-44547: odoo - A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authen...2021