CVE-2012-0215
Debian Security Advisory 2444-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2011-12-14 CVE Reserved
- 2012-03-29 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bugs.tryton.org/issue2476 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://hg.tryton.org/trytond/rev/8e64d52ecea4 | 2024-09-16 | |
http://news.tryton.org/2012/03/security-releases-for-all-supported.html | 2012-08-09 | |
http://www.debian.org/security/2012/dsa-2444 | 2012-08-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Tryton | Trytond | <= 2.2.3 | - | Affected |
Tryton | Trytond | 1.4.13 | - | Affected |
Tryton | Trytond | 1.6.8 | - | Affected |
Tryton | Trytond | 1.8.7 | - | Affected |
Tryton | Trytond | 2.0.5 | - | Affected |