CyberSec.Space Logo
Back to CVE Browser

CVE-2015-0861

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile42.46th
PublishedApr 13, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Affected Platforms (CPE)

πŸ“¦
Tryton

Trytond

>= 3.2.0 and < 3.2.10
πŸ“¦
Tryton

Trytond

>= 3.4.0 and < 3.4.8
πŸ“¦
Tryton

Trytond

>= 3.6.0 and < 3.6.5
πŸ“¦
Tryton

Trytond

>= 3.8.0 and < 3.8.1
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://www.debian.org/security/2015/dsa-3425
πŸ”— http://www.tryton.org/posts/security-release-for-issue5167.html
πŸ”— https://bugs.tryton.org/issue5167
πŸ”— http://www.debian.org/security/2015/dsa-3425
πŸ”— http://www.tryton.org/posts/security-release-for-issue5167.html
πŸ”— https://bugs.tryton.org/issue5167

Related Vulnerabilities

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...

CVE-2012-22387.5

trytond 2.4: ModelView.button fails to validate authorization

CVE-2012-02155.5

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to t...

CVE-2015-033310.0

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux ...