CVE-2018-15640

Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt