CVE-2012-0215

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-0215

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-0215.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-0215

Aliases

Related

DSA-2444-1

Published

2012-07-12T20:55:09Z

Modified

2025-04-11T00:51:21Z

Summary

[none]

Details

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

References

Affected packages

Debian:11 / tryton-server

Package

Name: tryton-server
Purl: pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.2-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / tryton-server

Package

Name: tryton-server
Purl: pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.2-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / tryton-server

Package

Name: tryton-server
Purl: pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.2-1

Ecosystem specific

{
    "urgency": "medium"
}