CVE-2018-14859

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
References
Link Resource
https://github.com/odoo/odoo/issues/32510 Patch Third Party Advisory
https://github.com/odoo/odoo/issues/32510 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 03:49

Type Values Removed Values Added
References () https://github.com/odoo/odoo/issues/32510 - Patch, Third Party Advisory () https://github.com/odoo/odoo/issues/32510 - Patch, Third Party Advisory

Information

Published : 2019-07-03 20:15

Updated : 2024-11-21 03:49


NVD link : CVE-2018-14859

Mitre link : CVE-2018-14859

CVE.ORG link : CVE-2018-14859


JSON object : View

Products Affected

odoo

  • odoo
CWE
CWE-284

Improper Access Control