cvelist/2020/29xxx/CVE-2020-29396.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-29396",
        "ASSIGNER": "security@odoo.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Odoo Community",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": ">=",
                                            "version_value": "11.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Odoo Enterprise",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": ">=",
                                            "version_value": "11.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Odoo Community",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "13.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Odoo Enterprise",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "13.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Odoo"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Toufik Ben Jaa"
        },
        {
            "lang": "eng",
            "value": "St\u00e9phane Debauche"
        },
        {
            "lang": "eng",
            "value": "Beno\u00eet FONTAINE"
        }
    ],
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": " CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-267: Privilege Defined With Unsafe Actions"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://github.com/odoo/odoo/issues/63712",
                "name": "https://github.com/odoo/odoo/issues/63712"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
        ]
    },
    "source": {
        "advisory": "ODOO-SA-2020-12-02",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2020-11-30 21:01:38 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2020-29396",`
Odoo: ODOO-SA-2020-12-02 2020-12-22 17:16:24 +01:00			`"ASSIGNER": "security@odoo.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2020-11-30 21:01:38 +00:00			`},`
Odoo: ODOO-SA-2020-12-02 2020-12-22 17:16:24 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Odoo Community",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": ">=",`
			`"version_value": "11.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Odoo Enterprise",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": ">=",`
			`"version_value": "11.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Odoo Community",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "13.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Odoo Enterprise",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "13.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Odoo"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Toufik Ben Jaa"`
			`},`
			`{`
			`"lang": "eng",`
			`"value": "St\u00e9phane Debauche"`
			`},`
			`{`
			`"lang": "eng",`
			`"value": "Beno\u00eet FONTAINE"`
			`}`
			`],`
"-Synchronized-Data." 2020-11-30 21:01:38 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Odoo: ODOO-SA-2020-12-02 2020-12-22 17:16:24 +01:00			`"value": "A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation."`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 9.9,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": " CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-267: Privilege Defined With Unsafe Actions"`
			`}`
			`]`
"-Synchronized-Data." 2020-11-30 21:01:38 +00:00			`}`
			`]`
Odoo: ODOO-SA-2020-12-02 2020-12-22 17:16:24 +01:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2020-12-22 17:01:52 +00:00			`"refsource": "MISC",`
			`"url": "https://github.com/odoo/odoo/issues/63712",`
			`"name": "https://github.com/odoo/odoo/issues/63712"`
Oracle CPU July 2022 3rd Party CVEs On branch cna/Oracle/CPU2022Jul3rd Changes to be committed: modified: 2014/3xxx/CVE-2014-3643.json modified: 2016/1000xxx/CVE-2016-1000031.json modified: 2018/18xxx/CVE-2018-18074.json modified: 2018/1xxx/CVE-2018-1259.json modified: 2018/1xxx/CVE-2018-1273.json modified: 2018/1xxx/CVE-2018-1274.json modified: 2018/25xxx/CVE-2018-25032.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2019/0xxx/CVE-2019-0219.json modified: 2019/0xxx/CVE-2019-0220.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/10xxx/CVE-2019-10082.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/17xxx/CVE-2019-17495.json modified: 2019/17xxx/CVE-2019-17566.json modified: 2019/17xxx/CVE-2019-17571.json modified: 2019/20xxx/CVE-2019-20388.json modified: 2019/20xxx/CVE-2019-20916.json modified: 2019/9xxx/CVE-2019-9636.json modified: 2019/9xxx/CVE-2019-9740.json modified: 2020/0xxx/CVE-2020-0404.json modified: 2020/10xxx/CVE-2020-10683.json modified: 2020/11xxx/CVE-2020-11022.json modified: 2020/11xxx/CVE-2020-11023.json modified: 2020/11xxx/CVE-2020-11987.json modified: 2020/13xxx/CVE-2020-13974.json modified: 2020/14xxx/CVE-2020-14343.json modified: 2020/17xxx/CVE-2020-17521.json modified: 2020/1xxx/CVE-2020-1747.json modified: 2020/1xxx/CVE-2020-1927.json modified: 2020/24xxx/CVE-2020-24977.json modified: 2020/25xxx/CVE-2020-25638.json modified: 2020/25xxx/CVE-2020-25649.json modified: 2020/25xxx/CVE-2020-25659.json modified: 2020/26xxx/CVE-2020-26137.json modified: 2020/26xxx/CVE-2020-26184.json modified: 2020/26xxx/CVE-2020-26185.json modified: 2020/26xxx/CVE-2020-26237.json modified: 2020/27xxx/CVE-2020-27619.json modified: 2020/27xxx/CVE-2020-27820.json modified: 2020/28xxx/CVE-2020-28052.json modified: 2020/28xxx/CVE-2020-28491.json modified: 2020/28xxx/CVE-2020-28500.json modified: 2020/29xxx/CVE-2020-29396.json modified: 2020/29xxx/CVE-2020-29505.json modified: 2020/29xxx/CVE-2020-29506.json modified: 2020/29xxx/CVE-2020-29507.json modified: 2020/29xxx/CVE-2020-29508.json modified: 2020/29xxx/CVE-2020-29651.json modified: 2020/35xxx/CVE-2020-35163.json modified: 2020/35xxx/CVE-2020-35164.json modified: 2020/35xxx/CVE-2020-35166.json modified: 2020/35xxx/CVE-2020-35167.json modified: 2020/35xxx/CVE-2020-35168.json modified: 2020/35xxx/CVE-2020-35169.json modified: 2020/35xxx/CVE-2020-35490.json modified: 2020/35xxx/CVE-2020-35491.json modified: 2020/35xxx/CVE-2020-35728.json modified: 2020/36xxx/CVE-2020-36179.json modified: 2020/36xxx/CVE-2020-36180.json modified: 2020/36xxx/CVE-2020-36181.json modified: 2020/36xxx/CVE-2020-36182.json modified: 2020/36xxx/CVE-2020-36183.json modified: 2020/36xxx/CVE-2020-36184.json modified: 2020/36xxx/CVE-2020-36185.json modified: 2020/36xxx/CVE-2020-36186.json modified: 2020/36xxx/CVE-2020-36187.json modified: 2020/36xxx/CVE-2020-36188.json modified: 2020/36xxx/CVE-2020-36189.json modified: 2020/36xxx/CVE-2020-36242.json modified: 2020/36xxx/CVE-2020-36518.json modified: 2020/4xxx/CVE-2020-4788.json modified: 2020/5xxx/CVE-2020-5258.json modified: 2020/5xxx/CVE-2020-5397.json modified: 2020/5xxx/CVE-2020-5398.json modified: 2020/7xxx/CVE-2020-7595.json modified: 2020/7xxx/CVE-2020-7656.json modified: 2020/7xxx/CVE-2020-7712.json modified: 2020/9xxx/CVE-2020-9484.json modified: 2020/9xxx/CVE-2020-9492.json modified: 2021/20xxx/CVE-2021-20322.json modified: 2021/21xxx/CVE-2021-21781.json modified: 2021/22xxx/CVE-2021-22118.json modified: 2021/22xxx/CVE-2021-22119.json modified: 2021/22xxx/CVE-2021-22931.json modified: 2021/22xxx/CVE-2021-22939.json modified: 2021/22xxx/CVE-2021-22940.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/23xxx/CVE-2021-23337.json modified: 2021/23xxx/CVE-2021-23450.json modified: 2021/23xxx/CVE-2021-23926.json modified: 2021/26xxx/CVE-2021-26291.json modified: 2021/29xxx/CVE-2021-29154.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/30xxx/CVE-2021-30129.json modified: 2021/31xxx/CVE-2021-31684.json modified: 2021/31xxx/CVE-2021-31805.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33813.json modified: 2021/34xxx/CVE-2021-34141.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/35xxx/CVE-2021-35940.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37159.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/37xxx/CVE-2021-37750.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/38xxx/CVE-2021-38296.json modified: 2021/38xxx/CVE-2021-38604.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/3xxx/CVE-2021-3177.json modified: 2021/3xxx/CVE-2021-3449.json modified: 2021/3xxx/CVE-2021-3450.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3518.json modified: 2021/3xxx/CVE-2021-3537.json modified: 2021/3xxx/CVE-2021-3572.json modified: 2021/3xxx/CVE-2021-3612.json modified: 2021/3xxx/CVE-2021-3672.json modified: 2021/3xxx/CVE-2021-3737.json modified: 2021/3xxx/CVE-2021-3743.json modified: 2021/3xxx/CVE-2021-3744.json modified: 2021/3xxx/CVE-2021-3749.json modified: 2021/3xxx/CVE-2021-3752.json modified: 2021/3xxx/CVE-2021-3772.json modified: 2021/3xxx/CVE-2021-3773.json modified: 2021/40xxx/CVE-2021-40690.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41182.json modified: 2021/41xxx/CVE-2021-41183.json modified: 2021/41xxx/CVE-2021-41184.json modified: 2021/41xxx/CVE-2021-41303.json modified: 2021/41xxx/CVE-2021-41495.json modified: 2021/41xxx/CVE-2021-41496.json modified: 2021/41xxx/CVE-2021-41617.json modified: 2021/41xxx/CVE-2021-41771.json modified: 2021/41xxx/CVE-2021-41772.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42575.json modified: 2021/42xxx/CVE-2021-42739.json modified: 2021/43xxx/CVE-2021-43389.json modified: 2021/43xxx/CVE-2021-43396.json modified: 2021/43xxx/CVE-2021-43797.json modified: 2021/43xxx/CVE-2021-43818.json modified: 2021/43xxx/CVE-2021-43859.json modified: 2021/43xxx/CVE-2021-43976.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44531.json modified: 2021/44xxx/CVE-2021-44532.json modified: 2021/44xxx/CVE-2021-44533.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/45xxx/CVE-2021-45485.json modified: 2021/45xxx/CVE-2021-45486.json modified: 2021/45xxx/CVE-2021-45943.json modified: 2021/4xxx/CVE-2021-4002.json modified: 2021/4xxx/CVE-2021-4083.json modified: 2021/4xxx/CVE-2021-4104.json modified: 2021/4xxx/CVE-2021-4115.json modified: 2021/4xxx/CVE-2021-4157.json modified: 2021/4xxx/CVE-2021-4160.json modified: 2021/4xxx/CVE-2021-4197.json modified: 2021/4xxx/CVE-2021-4203.json modified: 2022/0xxx/CVE-2022-0001.json modified: 2022/0xxx/CVE-2022-0002.json modified: 2022/0xxx/CVE-2022-0286.json modified: 2022/0xxx/CVE-2022-0322.json modified: 2022/0xxx/CVE-2022-0778.json modified: 2022/0xxx/CVE-2022-0839.json modified: 2022/1xxx/CVE-2022-1011.json modified: 2022/1xxx/CVE-2022-1154.json modified: 2022/1xxx/CVE-2022-1292.json modified: 2022/21xxx/CVE-2022-21824.json modified: 2022/22xxx/CVE-2022-22720.json modified: 2022/22xxx/CVE-2022-22721.json modified: 2022/22xxx/CVE-2022-22946.json modified: 2022/22xxx/CVE-2022-22947.json modified: 2022/22xxx/CVE-2022-22963.json modified: 2022/22xxx/CVE-2022-22965.json modified: 2022/22xxx/CVE-2022-22968.json modified: 2022/22xxx/CVE-2022-22969.json modified: 2022/22xxx/CVE-2022-22970.json modified: 2022/22xxx/CVE-2022-22971.json modified: 2022/22xxx/CVE-2022-22976.json modified: 2022/22xxx/CVE-2022-22978.json modified: 2022/23xxx/CVE-2022-23181.json modified: 2022/23xxx/CVE-2022-23218.json modified: 2022/23xxx/CVE-2022-23219.json modified: 2022/23xxx/CVE-2022-23221.json modified: 2022/23xxx/CVE-2022-23302.json modified: 2022/23xxx/CVE-2022-23305.json modified: 2022/23xxx/CVE-2022-23307.json modified: 2022/23xxx/CVE-2022-23308.json modified: 2022/23xxx/CVE-2022-23437.json modified: 2022/23xxx/CVE-2022-23457.json modified: 2022/23xxx/CVE-2022-23632.json modified: 2022/23xxx/CVE-2022-23772.json modified: 2022/23xxx/CVE-2022-23773.json modified: 2022/23xxx/CVE-2022-23806.json modified: 2022/24xxx/CVE-2022-24329.json modified: 2022/24xxx/CVE-2022-24407.json modified: 2022/24xxx/CVE-2022-24728.json modified: 2022/24xxx/CVE-2022-24729.json modified: 2022/24xxx/CVE-2022-24735.json modified: 2022/24xxx/CVE-2022-24736.json modified: 2022/24xxx/CVE-2022-24801.json modified: 2022/24xxx/CVE-2022-24823.json modified: 2022/24xxx/CVE-2022-24839.json modified: 2022/24xxx/CVE-2022-24891.json modified: 2022/25xxx/CVE-2022-25169.json modified: 2022/25xxx/CVE-2022-25636.json modified: 2022/25xxx/CVE-2022-25647.json modified: 2022/25xxx/CVE-2022-25762.json modified: 2022/25xxx/CVE-2022-25845.json modified: 2022/27xxx/CVE-2022-27778.json modified: 2022/29xxx/CVE-2022-29577.json modified: 2022/29xxx/CVE-2022-29824.json modified: 2022/29xxx/CVE-2022-29885.json modified: 2022/30xxx/CVE-2022-30126.json modified: 2022/34xxx/CVE-2022-34169.json 2022-07-19 14:38:32 -07:00			`},`
			`{`
"-Synchronized-Data." 2022-07-25 19:01:09 +00:00			`"url": "https://www.oracle.com/security-alerts/cpujul2022.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/security-alerts/cpujul2022.html"`
Odoo: ODOO-SA-2020-12-02 2020-12-22 17:16:24 +01:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ODOO-SA-2020-12-02",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2020-11-30 21:01:38 +00:00			`}`
			`}`