Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/107685 | Issue Tracking, Patch, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: odoo
Published: 2023-04-25T18:33:33.360Z
Updated: 2023-04-25T18:33:33.360Z
Reserved: 2021-12-27T06:17:50.956Z
Link: CVE-2021-44460
NVD Information
Status: Analyzed
Published: 2023-04-25T19:15:09.600
Modified: 2023-05-02T19:51:34.470
Link: CVE-2021-44460
Redhat Information
No data.
CWE