Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Related CVEs

CVE-2021-23203

Key Information

GHSA ID

GHSA-5fvm-8263-p85v

Published

April 25, 2023 9:30 PM

Last Modified

April 4, 2024 3:40 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.