Description

Odoo is a suite of business management software

Odoo DB manager is designed to be accessed by high privileged users only. It's not recommended to have Odoo DB manager publicly accessible even with enabled 'Masted Password'.

Remediation

Restrict access to Odoo DB manager

References

Odoo Help: securing /web/database/manager

Databases administration

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1924)

WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0218)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2042)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6048)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access