CVE-2017-10805 - Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, odoo, CWE-863

Summary

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.

Vulnerable Configurations

Part         Description  Count
Application  Odoo         5

Common Weakness Enumeration (CWE)