Improper Access Control Vulnerability in Odoo Reporting Engine
CVE-2021-23176

6.5MEDIUM

Key Information:

Vendor: Odoo
Status: Odoo Community; Odoo Enterprise
Vendor: CVE Published:; 25 April 2023

What is CVE-2021-23176?

A vulnerability in the reporting engine of the l10n_fr_fec module in Odoo allows remote authenticated users to extract sensitive accounting information. This is due to improper access control, which can be exploited via crafted Remote Procedure Call (RPC) packets. Organizations using Odoo Community or Enterprise versions prior to 15.0 should assess their security posture and consider applying relevant remediation measures to prevent potential data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Odoo Community 0 <= 15.0

Odoo Enterprise 0 <= 15.0

References

https://github.com/odoo/odoo/issues/107682

https://www.debian.org/security/2023/dsa-5399

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Dec 27, 2021

Credit

Florent Mirieu de Labarre

JSON

Odoo