CVE-2021-44476

Description

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.

How to fix CVE-2021-44476

To remediate CVE-2021-44476, upgrade the affected package to a fixed version below.

Bitnami/odoo—upgrade to 15.0.1 or later
Debian/odoo—upgrade to 14.0.0+dfsg.2-7+deb11u1 or later

Is CVE-2021-44476 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 15.0.1
from 0, < 14.0.0+dfsg.2-7+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References (4)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-44476
WEBgithub.com/odoo/odoo/issues/107684
WEBnvd.nist.gov/vuln/detail/CVE-2021-44476
WEBwww.debian.org/security/2023/dsa-5399