PT-2025-7903 · Odoo+1 · Odoo Community+2

Rafael Fedler · Published 2025-02-25 · Updated 2025-03-02 · CVE-2024-12368

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Odoo Community version 15.0
Odoo Enterprise version 15.0

Description

The issue is related to improper access control in the auth_oauth module, allowing an internal user to export the OAuth tokens of other users.

Recommendations

For Odoo Community version 15.0 and Odoo Enterprise version 15.0, update the auth_oauth module to enforce proper access control. As a temporary workaround, consider restricting access to the auth_oauth module to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

BDU:2026-02448
BIT-ODOO-2024-12368
CVE-2024-12368

Affected Products

Debian
Odoo Community
Odoo Enterprise