Skip to main content

Privilege Defined With Unsafe Actions

CVE-2021-44547

Severity High
Score 9.1/10

Summary

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.

  • LOW
  • NETWORK
  • HIGH
  • CHANGED
  • NONE
  • HIGH
  • HIGH
  • HIGH

CWE-267 - Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

Advisory Timeline

  • Published