Odoo · Odoo · CVE-2017-10805
**Name of the Vulnerable Software and Affected Versions**
Odoo versions 8.0, 9.0, and 10.0
Odoo Community Edition versions 9.0 and 10.0
Odoo Enterprise Edition versions 9.0 and 10.0
**Description**
Incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack the OAuth sessions of other users.
**Recommendations**
For Odoo version 8.0, update the OAuth module to enforce proper access control.
For Odoo Community Edition versions 9.0 and 10.0, restrict access to the OAuth module until a fix is applied.
For Odoo Enterprise Edition versions 9.0 and 10.0, consider disabling the OAuth module temporarily to prevent session hijacking.