Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263 XSS allowing remote attacker to inject arbitrary commands. CVE-2021-45111 Incorrect access control allowing authenticated remote user to create user accounts and access restricted data. CVE-2021-44476, CVE-2021-23166 Incorrect access control allowing authenticated remote administrator to access local files on the server. CVE-2021-23186 Incorrect access control allowing authenticated remote administrator to modify database contents of other tenants. CVE-2021-23178 Incorrect access control allowing authenticated remote user to use another user's payment method. CVE-2021-23176 Incorrect access control allowing authenticated remote user to access accounting information. CVE-2021-23203 Incorrect access control allowing authenticated remote user to access arbitrary documents via PDF exports. For the stable distribution (bullseye), these problems have been fixed in version 14.0.0+dfsg.2-7+deb11u1. We recommend that you upgrade your odoo packages. For the detailed security status of odoo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/odoo
Several vulnerabilities were discovered in odoo, a suite of web based open source business apps.
XSS allowing remote attacker to inject arbitrary commands.
Incorrect access control allowing authenticated remote user to create user accounts and access restricted data.
Incorrect access control allowing authenticated remote administrator to access local files on the server.
Incorrect access control allowing authenticated remote administrator to modify database contents of other tenants.
Incorrect access control allowing authenticated remote user to use another user's payment method.
Incorrect access control allowing authenticated remote user to access accounting information.
Incorrect access control allowing authenticated remote user to access arbitrary documents via PDF exports.
For the stable distribution (bullseye), these problems have been fixed in version 14.0.0+dfsg.2-7+deb11u1.
We recommend that you upgrade your odoo packages.
For the detailed security status of odoo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/odoo