Medium severity6.5NVD Advisory· Published Jun 4, 2017· Updated May 13, 2026

CVE-2017-9416

Description

Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.

Affected products

Odcms/Odoo3 versions
cpe:2.3:a:odoo:odoo:10.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:odoo:odoo:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:odoo:odoo:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/odoo/odoo/issues/17394nvdIssue TrackingPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.013
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000