Description

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Remediation

References

CVE-2020-29396

Related Vulnerabilities

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Multiple Cross-Site Scripting Vulnerabilities (4.3.9.0)

WordPress Plugin Pay Per Media Player Multiple Cross-Site Scripting Vulnerabilities (1.24)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2021-20184)

WordPress Plugin Uncanny Toolkit for LearnDash Cross-Site Request Forgery (3.6.3)

Joomla Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2007-4190)

Severity

High

Classification

CVE-2020-29396 CWE-269 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities