CVE-2018-14859
First published: Wed Jul 03 2019(Updated: )
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =11.0 | |
| Odoo Odoo | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-14859?
CVE-2018-14859 is a vulnerability in Odoo Community and Odoo Enterprise versions 11.0 and earlier that allows authenticated users to reset the password of other users.
What is the severity of CVE-2018-14859?
CVE-2018-14859 has a severity rating of 8.1 (high).
Which versions of Odoo are affected by CVE-2018-14859?
Versions 9.0, 10.0, and 11.0 of Odoo Community and Odoo Enterprise are affected by CVE-2018-14859.
How can authenticated users exploit CVE-2018-14859?
Authenticated users can exploit CVE-2018-14859 by being the first party to use the secure token in the password reset component.
Is there a fix for CVE-2018-14859?
Yes, a fix for CVE-2018-14859 is available. It is recommended to update to a patched version of Odoo to mitigate the vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0
- version/odoo odoo/10.0
- version/odoo odoo/11.0