Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/commits/master | Third Party Advisory |
https://github.com/odoo/odoo/issues/32507 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-28T17:36:34
Updated: 2019-06-28T17:36:34
Reserved: 2018-08-02T00:00:00
Link: CVE-2018-14868
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-28T18:15:10.473
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-14868
JSON object: View
Redhat Information
No data.
CWE