CVE-2018-14859

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
References
Link Resource
https://github.com/odoo/odoo/issues/32510 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*

Information

Published : 2019-07-03 08:15

Updated : 2019-07-10 06:53


NVD link : CVE-2018-14859

Mitre link : CVE-2018-14859

Products Affected
No products.
CWE