Overview
- Description
- Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.
- Source
- security@odoo.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- security@odoo.com
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D952E47-04E1-4146-A3AA-3804A1AB52DA"
},
{
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEB5354F-C1AC-48D6-8922-656F952442A1"
},
{
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBD0BABD-16C5-449D-8BE7-9E948A509FA5"
},
{
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24A23452-4857-4F4B-AA5A-944F9073A554"
}
],
"operator": "OR"
}
]
}
]