A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
Weakness
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Odoo | Odoo | * | 15.0 (including) |
| Odoo | Ubuntu | kinetic | * |
| Odoo | Ubuntu | lunar | * |
| Odoo | Ubuntu | mantic | * |
| Odoo | Ubuntu | oracular | * |
| Odoo | Ubuntu | plucky | * |
| Odoo | Ubuntu | trusty | * |
| Odoo | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/58.html
- https://cwe.mitre.org/data/definitions/634.html
- https://cwe.mitre.org/data/definitions/637.html
- https://cwe.mitre.org/data/definitions/643.html
- https://cwe.mitre.org/data/definitions/648.html