CVEブラウザに戻る

CVE-2012-0215

MEDIUM

5.5

CVSS Severity Score

EPSS Score0.0940%

EPSS Percentile43.93th

Published2012年7月12日

Last Modified2026年4月29日

Vulnerability Description

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

Affected Platforms (CPE)

📦

Tryton

Trytond

<= 2.2.3

📦

Tryton

Trytond

= 1.4.13

📦

Tryton

Trytond

= 1.6.8

📦

Tryton

Trytond

= 1.8.7

📦

Tryton

Trytond

= 2.0.5

References & Advisories

🔗 http://hg.tryton.org/trytond/rev/8e64d52ecea4

🔗 http://news.tryton.org/2012/03/security-releases-for-all-supported.html

🔗 http://www.debian.org/security/2012/dsa-2444

🔗 https://bugs.tryton.org/issue2476

🔗 http://hg.tryton.org/trytond/rev/8e64d52ecea4

🔗 http://news.tryton.org/2012/03/security-releases-for-all-supported.html

🔗 http://www.debian.org/security/2012/dsa-2444

🔗 https://bugs.tryton.org/issue2476

関連する脆弱性情報

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...

CVE-2012-22387.5

trytond 2.4: ModelView.button fails to validate authorization

CVE-2015-08614.3

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote...

CVE-2012-280410.0

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack ...