CVE-2021-23203

Summary

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Affected Software

VendorProductVersion RangeStatus
OdooOdoo Community14.0 <= 15.0affected
OdooOdoo Enterprise14.0 <= 15.0affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References