An issue related to incorrect access control on OAuth tokens has been identified in Odoo versions 8.0, Odoo Community Edition 9.0 and 10.0, as well as Odoo Enterprise Edition 9.0 and 10.0. This vulnerability enables remote authenticated users to potentially hijack OAuth sessions of other users.
Understanding CVE-2017-10805
This CVE covers a security vulnerability in several Odoo versions that allows remote authenticated users to hijack other users' OAuth sessions.
What is CVE-2017-10805?
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
The Impact of CVE-2017-10805
This vulnerability could lead to unauthorized access and potential session hijacking by remote authenticated users.
Technical Details of CVE-2017-10805
This section provides more technical insights into the CVE.
Vulnerability Description
The vulnerability is incorrect access control on OAuth tokens in the OAuth module of the affected Odoo versions, which lets remote authenticated users hijack other users' OAuth sessions.
Affected Systems and Versions
Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, specifically installations using the OAuth module.
Exploitation Mechanism
Remote authenticated users can exploit the incorrect access control on OAuth tokens to hijack other users' OAuth sessions.
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent the exploitation of this vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that all systems running affected Odoo versions are promptly patched with the latest security updates.