CVE-2021-23166

HIGH8.7EPSS 0.45%

odoo - security update

Published: 4/25/2023Modified: 4/28/2026

Description

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.

Affected packages (3)

Bitnami/odoofrom 0, < 15.0.1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

References (4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-23166
WEBhttps://github.com/odoo/odoo/issues/107687
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-23166
WEBhttps://www.debian.org/security/2023/dsa-5399