← voltar
CVE-2021-23178

CVE-2021-23178

CVSS 7.5 HIGHEPSS 0.6%CWE-284
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
Odoo · Odoo CommunityOdoo · Odoo Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/odoo/odoo/issues/107690https://www.debian.org/security/2023/dsa-5399