Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/107695 | Issue Tracking Patch Vendor Advisory |
https://www.debian.org/security/2023/dsa-5399 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: odoo
Published: 2023-04-25T18:35:38.489Z
Updated: 2023-04-25T18:35:38.489Z
Reserved: 2021-07-20T14:28:12.189Z
Link: CVE-2021-23203
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-25T19:15:09.403
Modified: 2023-05-05T21:15:09.403
Link: CVE-2021-23203
JSON object: View
Redhat Information
No data.
CWE