15.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

odoo

NVD

Published: 2023-04-25

Updated: 2023-05-05

Summary

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Vulnerable Configurations

Part	Description	Count
Application	Odoo Odoo Odoo 14.0 Odoo Odoo 15.0	4

References

https://github.com/odoo/odoo/issues/107695
https://www.debian.org/security/2023/dsa-5399