| |
Vulnerability CVE-2018-14859
Published: 2019-07-03
| Description: |
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. |
Type:
CWE-284 (Improper Access Control)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.5/10 |
4.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://github.com/odoo/odoo/issues/32510
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
