Description

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Remediation

References

CVE-2020-29396

Related Vulnerabilities

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602)

XWiki CVE-2023-40573 Vulnerability (CVE-2023-40573)

WordPress Plugin Defender Security-Malware Scanner, Login Security & Firewall Cross-Site Request Forgery (2.4.6)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32478)

WordPress Plugin Free Live Chat Support Cross-Site Request Forgery (1.0.11)

Severity

High

Classification

CVE-2020-29396 CWE-269 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities