Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-5399-1 odoo -- security update

Related Vulnerabilities: CVE-2021-23166   CVE-2021-23176   CVE-2021-23178   CVE-2021-23186   CVE-2021-23203   CVE-2021-26263   CVE-2021-26947   CVE-2021-44476   CVE-2021-44775   CVE-2021-45071   CVE-2021-45111  

Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263 XSS allowing remote attacker to inject arbitrary commands. CVE-2021-45111 Incorrect access control allowing authenticated remote user to create user accounts and access restricted data. CVE-2021-44476, CVE-2021-23166 Incorrect access control allowing authenticated remote administrator to access local files on the server. CVE-2021-23186 Incorrect access control allowing authenticated remote administrator to modify database contents of other tenants. CVE-2021-23178 Incorrect access control allowing authenticated remote user to use another user's payment method. CVE-2021-23176 Incorrect access control allowing authenticated remote user to access accounting information. CVE-2021-23203 Incorrect access control allowing authenticated remote user to access arbitrary documents via PDF exports. For the stable distribution (bullseye), these problems have been fixed in version 14.0.0+dfsg.2-7+deb11u1. We recommend that you upgrade your odoo packages. For the detailed security status of odoo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/odoo

Source

Debian Security Advisory

DSA-5399-1 odoo -- security update

Date Reported:
05 May 2023
Affected Packages:
odoo
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2021-23166, CVE-2021-23176, CVE-2021-23178, CVE-2021-23186, CVE-2021-23203, CVE-2021-26263, CVE-2021-26947, CVE-2021-44476, CVE-2021-44775, CVE-2021-45071, CVE-2021-45111.
More information:

Several vulnerabilities were discovered in odoo, a suite of web based open source business apps.

  • CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263

    XSS allowing remote attacker to inject arbitrary commands.

  • CVE-2021-45111

    Incorrect access control allowing authenticated remote user to create user accounts and access restricted data.

  • CVE-2021-44476, CVE-2021-23166

    Incorrect access control allowing authenticated remote administrator to access local files on the server.

  • CVE-2021-23186

    Incorrect access control allowing authenticated remote administrator to modify database contents of other tenants.

  • CVE-2021-23178

    Incorrect access control allowing authenticated remote user to use another user's payment method.

  • CVE-2021-23176

    Incorrect access control allowing authenticated remote user to access accounting information.

  • CVE-2021-23203

    Incorrect access control allowing authenticated remote user to access arbitrary documents via PDF exports.

For the stable distribution (bullseye), these problems have been fixed in version 14.0.0+dfsg.2-7+deb11u1.

We recommend that you upgrade your odoo packages.

For the detailed security status of odoo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/odoo

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started