CVE-2021-23178

Name of the Vulnerable Software and Affected Versions Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier

Description The issue is related to improper access control, allowing attackers to validate online payments using a tokenized payment method belonging to another user. This results in the victim's payment method being charged instead.

Recommendations For Odoo Community versions 15.0 and earlier, update to a version that includes the fix for this issue. For Odoo Enterprise versions 15.0 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to tokenized payment methods to prevent unauthorized use. Restrict online payment validation to only allow the use of payment methods belonging to the authenticated user.