CVE-2017-10805
First published: Tue Jul 04 2017(Updated: )
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo | =8.0 | |
| Odoo | =9.0 | |
| Odoo | =9.0 | |
| Odoo | =10.0 | |
| Odoo | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-10805?
CVE-2017-10805 is classified as a high severity vulnerability due to potential session hijacking risks.
How do I fix CVE-2017-10805?
To address CVE-2017-10805, update Odoo to the latest patched version or apply the necessary security patches provided by Odoo.
Who is affected by CVE-2017-10805?
CVE-2017-10805 affects Odoo versions 8.0, 9.0, and 10.0 for both Community and Enterprise Editions.
What can an attacker do with CVE-2017-10805?
An attacker exploiting CVE-2017-10805 can hijack OAuth sessions of other authenticated users.
Is CVE-2017-10805 a common vulnerability in Odoo?
Yes, CVE-2017-10805 is part of a series of vulnerabilities affecting access control in Odoo's OAuth implementation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/odoo
- canonical/odoo
- version/odoo/8.0
- version/odoo/9.0
- version/odoo/10.0