Arbitrary PDF Report Download Vulnerability in Odoo Community and Enterprise 14.0-15.0

Arbitrary PDF Report Download Vulnerability in Odoo Community and Enterprise 14.0-15.0

CVE-2021-23203 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Learn more about our Web Application Penetration Testing UK.