admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-232xx/CVE-2021-23203.json
cad-safe-bot 3d55109558 Auto-Update: 2025-02-03T19:00:25.115614+00:00
2025-02-03 19:03:51 +00:00

170 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-23203",
"sourceIdentifier": "security@odoo.com",
"published": "2023-04-25T19:15:09.403",
"lastModified": "2025-02-03T18:15:27.300",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@odoo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:community:*:*:*",
"matchCriteriaId": "4D952E47-04E1-4146-A3AA-3804A1AB52DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:14.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BEB5354F-C1AC-48D6-8922-656F952442A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*",
"matchCriteriaId": "EBD0BABD-16C5-449D-8BE7-9E948A509FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "24A23452-4857-4F4B-AA5A-944F9073A554"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/107695",
"source": "security@odoo.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5399",
"source": "security@odoo.com"
},
{
"url": "https://github.com/odoo/odoo/issues/107695",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5399",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink