Bram Van Gaal

**Name of the Vulnerable Software and Affected Versions** Odoo Community version 17.0 Odoo Enterprise version 17.0 **Description** The issue is related to improper access control in the mail module, allowing remote authenticated attackers to extract sensitive information through a crafted attack that relies on an oracle-based yes/no response. **Recommendations** For Odoo Community version 17.0, update to a version that includes a fix for the improper access control issue in the mail module. For Odoo Enterprise version 17.0, update to a version that includes a fix for the improper access control issue in the mail module. As a temporary workaround, consider restricting access to the mail module to minimize the risk of exploitation.