CVE Vulnerabilities

CVE-2020-29396

Published: Dec 22, 2020 | Modified: Feb 02, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Affected Software

Name Vendor Start Version End Version
Odoo Odoo 11.0 (including) 13.0 (including)
Odoo Ubuntu devel *
Odoo Ubuntu esm-apps/jammy *
Odoo Ubuntu esm-apps/noble *
Odoo Ubuntu hirsute *
Odoo Ubuntu impish *
Odoo Ubuntu jammy *
Odoo Ubuntu kinetic *
Odoo Ubuntu lunar *
Odoo Ubuntu mantic *
Odoo Ubuntu noble *
Odoo Ubuntu oracular *
Odoo Ubuntu trusty *

References