CVE-2021-44465

NameCVE-2021-44465
DescriptionImproper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
odoo (PTS)bullseye, bullseye (security)14.0.0+dfsg.2-7+deb11u2fixed
sid18.0.0+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
odoosource(unstable)(not affected)

Notes

- odoo <not-affected> (Fixed in initial upload to Debian)
https://github.com/odoo/odoo/issues/107692
Search for package or bug name: Reporting problems