Alexandre Diaz

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 and earlier Odoo Enterprise versions 14.0 and earlier **Description** The issue is related to improper access control in the mail module, specifically affecting channel partners. This allows remote authenticated users to subscribe to arbitrary mail channels without an invitation. **Recommendations** For Odoo Community versions 14.0 and earlier, update to a version later than 14.0 to resolve the issue. For Odoo Enterprise versions 14.0 and earlier, update to a version later than 14.0 to resolve the issue. As a temporary workaround, consider restricting access to the mail module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 13.0 and earlier Odoo Enterprise versions 13.0 and earlier **Description** The issue is related to improper access control, allowing remote authenticated users to modify translated terms. This can lead to arbitrary content modification on translatable elements. **Recommendations** For Odoo Community versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. For Odoo Enterprise versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue. As a temporary workaround, consider restricting access to the translation functionality until a patch is available.