Damien Lescos

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 and earlier Odoo Enterprise versions 14.0 and earlier **Description** The issue is related to improper access control, allowing remote authenticated users with access to contact management to modify user accounts. This can lead to privilege escalation. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Odoo Community versions 14.0 and earlier, update to a version that includes the fix for this issue. For Odoo Enterprise versions 14.0 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to contact management for remote authenticated users until a patch is available.