HIGH🇬🇧 English

CVE-2020-29396

CVSS 8.8v3.1pub. 2020-12-22upd. 2024-11-21

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Odoo

    APP
    Odoo
    11.0 – 13.0
  • Python

    APP
    Python
    ≥ 3.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCELPE
CWE
Referencje

Powiązane podatności

CVE-2022-48565CRITICAL9.8ten sam produkt

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accep...

CVE-2021-44547CRITICAL9.1ten sam produkt

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to exec...

CVE-2022-37454CRITICAL9.8ten sam produkt

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer ove...

CVE-2021-29921CRITICAL9.8ten sam produkt

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP addres...

CVE-2021-3177CRITICAL9.8ten sam produkt

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote ...