PT-2012-2406 · Tryton · Tryton
Published: 2012-07-12 · Updated: 2022-05-04 · CVE-2012-0215
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
trytond versions prior to 2.4.0
Description
trytond does not properly restrict access to the Many2Many field in the relation model. A remote authenticated user can modify the privileges of arbitrary users through specific RPC calls, including create, write, delete, or copy operations.
Recommendations
Update trytond to version 2.4.0 or later; all earlier versions are affected.
Improper Authentication
Affected Products
Tryton