Your submission was sent successfully! Close

CVE-2015-0861

Published: 13 April 2016

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Notes

AuthorNote
debian
Mathias Behrle told us that affected versions are >= 3.2 and < 3.8.1
Priority

Medium

CVSS 3 base score: 4.3

Status

Package Release Status
tryton-server
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(3.8.1-1)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (3.8.1-1)
vivid
Released (3.4.0-3+deb8u1build0.15.04.1)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(3.8.1-1)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://codereview.tryton.org/22631002