Parth Gajjar

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier **Description** The issue is related to improper access control, allowing attackers to validate online payments using a tokenized payment method belonging to another user. This results in the victim's payment method being charged instead. **Recommendations** For Odoo Community versions 15.0 and earlier, update to a version that includes the fix for this issue. For Odoo Enterprise versions 15.0 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to tokenized payment methods to prevent unauthorized use. Restrict online payment validation to only allow the use of payment methods belonging to the authenticated user.