CVE-2012-0215
Published: Jul 12, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
DSA-2444 (vendor-advisory, x_refsource_DEBIAN)
https://bugs.tryton.org/issue2476 (x_refsource_CONFIRM)
http://hg.tryton.org/trytond/rev/8e64d52ecea4 (x_refsource_CONFIRM)
http://news.tryton.org/2012/03/security-releases-for-all-supported.html (x_refsource_CONFIRM)