Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.
{ "cpes": [ "cpe:2.3:a:odoo:odoo:15.0:*:*:*:community:*:*:*", "cpe:2.3:a:odoo:odoo:15.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*", "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*" ], "severity": "High" }