Debian 11 DSA-5399-1 Moderate: Odoo Access Control Threats

May 5, 2023
Crucial patches released for Odoo on Debian to mitigate various critical vulnerabilities and bolster system defenses.
Several vulnerabilities were discovered in odoo, a suite of web-based open source business apps.

Summary

CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263:

XSS allowing remote attacker to inject arbitrary commands.

CVE-2021-45111:

Incorrect access control allowing authenticated remote user to
create user accounts and access restricted data.

CVE-2021-44476, CVE-2021-23166:

Incorrect access control allowing authenticated remote administrator
to access local files on the server.

CVE-2021-23186:

Incorrect access control allowing authenticated remote administrator
to modify database contents of other tenants.

CVE-2021-23178:

Incorrect access control allowing authenticated remote user to
use another user's payment method.

CVE-2021-23176:

Incorrect access control allowing authenticated remote user to
access accounting information.

CVE-2021-23203:

Incorrect access control allowing authenticated remote user to
access arbitrary documents via PDF exports.

For the stable distribution (bullseye), these problems have been fixed in
version 14.0.0+dfsg.2-7+deb11u1.

We recommend that y...

Severity: important

Package: odoo
CVE ID: CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186
