CVE-2012-0215
Published: 12 July 2012
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
Priority
Status
Package | Release | Status |
---|---|---|
tryton-server (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
tryton-server | lucid | Ignored (end of life) |
tryton-server | maverick | Ignored (end of life) |
tryton-server | natty | Released (1.6.1-2+squeeze1build0.11.04.1) |
tryton-server | oneiric | Ignored (end of life) |
tryton-server | precise | Ignored (end of life) |
tryton-server | quantal | Not vulnerable (2.2.3-1) |
tryton-server | raring | Not vulnerable (2.2.3-1) |
tryton-server | saucy | Not vulnerable (2.2.3-1) |
tryton-server | trusty | Does not exist (trusty was not-affected [2.2.3-1]) |
tryton-server | upstream | Released (2.2.2-1) |
tryton-server | utopic | Not vulnerable (2.2.3-1) |
tryton-server | vivid | Not vulnerable (2.2.3-1) |
tryton-server | wily | Not vulnerable (2.2.3-1) |
tryton-server | xenial | Not vulnerable (2.2.3-1) |
tryton-server | yakkety | Not vulnerable (2.2.3-1) |
tryton-server | zesty | Not vulnerable (2.2.3-1) |