CVE-2017-10805 - Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, odoo, CWE-863

Summary

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.

Vulnerable Configurations

| Part        | Description | Count |
|-------------|-------------|-------|
| Application | Odoo        | 5     |

Common Weakness Enumeration (CWE)