CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0215

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile43.93th
PublishedJul 12, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

Affected Platforms (CPE)

πŸ“¦
Tryton

Trytond

<= 2.2.3
πŸ“¦
Tryton

Trytond

= 1.4.13
πŸ“¦
Tryton

Trytond

= 1.6.8
πŸ“¦
Tryton

Trytond

= 1.8.7
πŸ“¦
Tryton

Trytond

= 2.0.5

References & Advisories

πŸ”— http://hg.tryton.org/trytond/rev/8e64d52ecea4
πŸ”— http://news.tryton.org/2012/03/security-releases-for-all-supported.html
πŸ”— http://www.debian.org/security/2012/dsa-2444
πŸ”— https://bugs.tryton.org/issue2476
πŸ”— http://hg.tryton.org/trytond/rev/8e64d52ecea4
πŸ”— http://news.tryton.org/2012/03/security-releases-for-all-supported.html
πŸ”— http://www.debian.org/security/2012/dsa-2444
πŸ”— https://bugs.tryton.org/issue2476

Related Vulnerabilities

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...

CVE-2012-22387.5

trytond 2.4: ModelView.button fails to validate authorization

CVE-2015-08614.3

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote...

CVE-2012-280410.0

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack ...