VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Jul 4, 2017· Updated May 13, 2026

CVE-2017-10805

CVE-2017-10805

Description

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.

Affected products

5
  • Odcms/Odoo5 versions
    cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
    • cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
    • cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.