CVE-2020-29396

Summary

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Affected Software

VendorProductVersion RangeStatus
OdooOdoo Community11.0 < unspecifiedaffected
OdooOdoo Enterprise11.0 < unspecifiedaffected
OdooOdoo Communityunspecified <= 13.0affected
OdooOdoo Enterpriseunspecified <= 13.0affected

Weaknesses

  • CWE-267: CWE-267: Privilege Defined With Unsafe Actions

ADP Enrichment

CVE Program Container

Additional References

References