CVE-2017-10805

Name of the Vulnerable Software and Affected Versions Odoo versions 8.0, 9.0, and 10.0 Odoo Community Edition versions 9.0 and 10.0 Odoo Enterprise Edition versions 9.0 and 10.0

Description The issue is related to incorrect access control on OAuth tokens in the OAuth module, allowing remote authenticated users to hijack OAuth sessions of other users.

Recommendations For Odoo version 8.0, update the OAuth module to enforce proper access control. For Odoo Community Edition versions 9.0 and 10.0, restrict access to the OAuth module until a fix is applied. For Odoo Enterprise Edition versions 9.0 and 10.0, consider disabling the OAuth module temporarily to prevent session hijacking.