CVE-2018-14859

EUVD-2018-6741
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
odooodoo
9.0
odooodoo
9.0
odooodoo
10.0
odooodoo
10.0
odooodoo
11.0
odooodoo
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
odoo
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
sid
17.0.0+dfsg3-1
fixed
Common Weakness Enumeration
References
https://github.com/odoo/odoo/issues/32510
https://github.com/odoo/odoo/issues/32510