CVE-2021-23203

high

Description

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

References

https://www.debian.org/security/2023/dsa-5399

https://github.com/odoo/odoo/issues/107695

Details

Source: Mitre, NVD

Published: 2023-04-25

Updated: 2023-05-05

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N