Odoo · Odoo Community · CVE-2024-12368
**Name of the Vulnerable Software and Affected Versions**
Odoo Community version 15.0
Odoo Enterprise version 15.0
**Description**
The issue is related to improper access control in the auth oauth module, allowing an internal user to export the OAuth tokens of other users.
**Recommendations**
For Odoo Community version 15.0, update the auth oauth module to enforce proper access control.
For Odoo Enterprise version 15.0, update the auth oauth module to enforce proper access control.
As a temporary workaround, consider restricting access to the auth oauth module to minimize the risk of exploitation.