CVE-2021-23203

Published Apr 25, 2023

Last updated 3 months ago

CVSS high 7.5

Overview

Description: Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.
Source: security@odoo.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security@odoo.com: CWE-284
nvd@nist.gov: NVD-CWE-Other
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D952E47-04E1-4146-A3AA-3804A1AB52DA"
          },
          {
            "criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEB5354F-C1AC-48D6-8922-656F952442A1"
          },
          {
            "criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD0BABD-16C5-449D-8BE7-9E948A509FA5"
          },
          {
            "criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A23452-4857-4F4B-AA5A-944F9073A554"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References