Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/107695 | Issue Tracking Patch Vendor Advisory |
https://www.debian.org/security/2023/dsa-5399 |
Configurations
Configuration 1 (hide)
|
History
05 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 May 2023, 20:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/odoo/odoo/issues/107695 - Issue Tracking, Patch, Vendor Advisory | |
First Time |
Odoo
Odoo odoo |
|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:* cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:* cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:* cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
25 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-25 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2021-23203
Mitre link : CVE-2021-23203
CVE.ORG link : CVE-2021-23203
JSON object : View
Products Affected
odoo
- odoo
CWE