CVE-2021-44476

EUVD-2021-31309
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
odooCNA
6.8 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
odooodoo
𝑥
≤ 15.0
odooodoo
𝑥
≤ 15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
odoo
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
sid
17.0.0+dfsg3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
odoo
bionic
dne
focal
dne
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://github.com/odoo/odoo/issues/107684
https://www.debian.org/security/2023/dsa-5399
https://github.com/odoo/odoo/issues/107684
https://www.debian.org/security/2023/dsa-5399