History: Jul 12, 2012 - 8:55 p.m.

CVE-2012-0215

2012-07-12 20:55:09
CWE-264
debian
web.nvd.nist.gov
39
cve-2012-0215
tryton
security
access restriction
unauthorized modification
nvd
python

CVSS2: 5.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score: 6.2
Confidence: Low

EPSS: 0.006
Percentile: 77.9%

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

Affected configurations

Nvd
Node
tryton trytond Range 2.2.3
OR
tryton trytond Match 1.4.13
OR
tryton trytond Match 1.6.8
OR
tryton trytond Match 1.8.7
OR
tryton trytond Match 2.0.5

Vendor   Product   Version   CPE
tryton   trytond   *         cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*
tryton   trytond   1.4.13    cpe:2.3:a:tryton:trytond:1.4.13:*:*:*:*:*:*:*
tryton   trytond   1.6.8     cpe:2.3:a:tryton:trytond:1.6.8:*:*:*:*:*:*:*
tryton   trytond   1.8.7     cpe:2.3:a:tryton:trytond:1.8.7:*:*:*:*:*:*:*
tryton   trytond   2.0.5     cpe:2.3:a:tryton:trytond:2.0.5:*:*:*:*:*:*:*
