Description

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Remediation

References

CVE-2020-29396

Related Vulnerabilities

Oracle HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2022-25235)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2059)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)

WordPress Plugin WP Prayer Cross-Site Scripting (1.6.1)

phpBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-3880)

Severity

High

Classification

CVE-2020-29396 CWE-269 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities