CVE-2020-29396
CVSS 3.1: 8.8 (HIGH)
EPSS: 1.8%
Description
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
How to fix CVE-2020-29396
To remediate CVE-2020-29396, upgrade the affected package to the fixed version listed below.
- Bitnami/odoo: upgrade to 13.0.1 or later
Is CVE-2020-29396 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 11.0.0, < 13.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |