CVE-2020-29396

EUVD-2020-21769
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
odooCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
odooodoo
11.0 ≤
𝑥
≤ 13.0
odooodoo
11.0 ≤
𝑥
≤ 13.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
odoo
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
sid
17.0.0+dfsg3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
odoo
bionic
dne
focal
dne
groovy
dne
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/odoo/odoo/issues/63712
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/odoo/odoo/issues/63712
https://www.oracle.com/security-alerts/cpujul2022.html