CVE-2021-23178 Information

Description

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user causing the victim’s payment method to be charged instead.

Reference

https://github.com/odoo/odoo/issues/107690