CVE-2017-10805

Published: Jul 4, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.

Affected (5)

Products: Odoo: Odoo

Odoo

1 product

Odoo

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Odoo Odoo	Version 10.0
Odoo Odoo	Version 10.0
Odoo Odoo	Version 8.0
Odoo Odoo	Version 9.0
Odoo Odoo	Version 9.0

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://github.com/odoo/odoo/issues/17921

Source: cve@mitre.org

MitigationPatchThird Party Advisory

https://github.com/odoo/odoo/issues/17921

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchThird Party Advisory

Timeline

No history available yet.