CVE-2021-44476

MEDIUM6.8EPSS 0.24%

Published: 4/25/2023Modified: 4/28/2026

Also known as:DEBIAN-CVE-2021-44476

Description

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.

Affected packages (2)

Bitnami/odoofrom 0, < 15.0.1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References (4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-44476
WEBhttps://github.com/odoo/odoo/issues/107684
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-44476
WEBhttps://www.debian.org/security/2023/dsa-5399