Lucene search

[email protected]NVD:CVE-2021-23186

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2021-23186

2023-04-2519:15:09

[email protected]

web.nvd.nist.gov

sandboxing

odoo community

odoo enterprise

multi-tenant

cve-2021-23186

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.

Affected configurations

NVD

Node

odooodooRange≤15.0community

odooodooRange≤15.0enterprise

References

github.com/odoo/odoo/issues/107688

www.debian.org/security/2023/dsa-5399

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

Related for NVD:CVE-2021-23186

osv2 ubuntucve1 veracode1 debiancve1 prion1 cve1 cvelist1 nessus1 debian1 openvas1