Your submission was sent successfully! Close

CVE-2015-0861

Published: 13 April 2016

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package Release Status
tryton-server
Launchpad, Ubuntu, Debian
Upstream
Released (3.8.1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.8.1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.8.1-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://codereview.tryton.org/22631002

Notes

AuthorNote
debian
Mathias Behrle told us that affected versions are >= 3.2 and < 3.8.1

References

Bugs