CVE-2018-14868

Published: Jun 28, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.

Affected (2)

Products: Odoo: Odoo

Odoo

1 product

Odoo

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Odoo Odoo	Version 9.0
Odoo Odoo	Version 9.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://github.com/odoo/odoo/commits/master

Source: cve@mitre.org

Third Party Advisory

https://github.com/odoo/odoo/issues/32507

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/odoo/odoo/commits/master

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/odoo/odoo/issues/32507

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.