PT-2020-17159 · Python+1 · Python+2

Benoît Fontaine +1 · Published 2020-12-22 · Updated 2025-09-25 · CVE-2020-29396

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Odoo Community versions 11.0 through 13.0
Odoo Enterprise versions 11.0 through 13.0

Description

A sandboxing issue, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Recommendations

For Odoo Community versions 11.0 through 13.0, update to a version that includes a fix for this issue. For Odoo Enterprise versions 11.0 through 13.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BIT-ODOO-2020-29396
CVE-2020-29396

Affected Products

Odoo Community
Odoo Enterprise
Python