Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.5
CVE Id: CVE-2012-0215
Last Modified: 09 Aug 2012 12:00:00
Published: 12 Jul 2012 04:55:09
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-0215

Summary

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

Vulnerable Systems

Application

  • Trytond 1.4.13
  • Trytond 1.6.8
  • Trytond 1.8.7
  • Trytond 2.0.5
  • Trytond 2.2.3

References

CONFIRM - http://hg.tryton.org/trytond/rev/8e64d52ecea4

CONFIRM - https://bugs.tryton.org/issue2476

DEBIAN - DSA-2444

CONFIRM - http://news.tryton.org/2012/03/security-releases-for-all-supported.html


Last Updated: 27 May 2016 10:54:52