CVE-2021-23203

HIGH7.5EPSS 0.28%

Published: 4/25/2023Modified: 4/28/2026

Description

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Affected packages (2)

Bitnami/odoo>= 14.0.0, < 14.0.1, >= 15.0.0, < 15.0.1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-23203
WEBhttps://github.com/odoo/odoo/issues/107695
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-23203
WEBhttps://www.debian.org/security/2023/dsa-5399