Описание
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 41%
0.0019
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 6.5
debian
больше 6 лет назад
Incorrect access control in the Password Encryption module in Odoo Com ...
github
больше 3 лет назад
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
EPSS
Процентиль: 41%
0.0019
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-287