Incorrect access control in the password reset component in Odoo Community 11.0 and previous versions and Odoo Enterprise 11.0 and previous versions allows authenticated users to reset the password of other users by being the first party to use the secure token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
odoo odoo 10.0 |
||
odoo odoo 11.0 |
||
odoo odoo 9.0 |