CVE-2015-0861 — Trytond vulnerability

CWE-2648 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tryton Trytond Debian Tryton-server Debian Linux

Timeline

PublishedApr 13

Latest updateMay 14

Description

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDtryton/trytond3.2.0 — 3.2.10+3

▶PyPItryton/trytond3.2.0 — 3.2.10+3

▶debiandebian/tryton-server< tryton-server 3.8.1-1 (bookworm)

Also affects: Debian Linux 8.0

🔴Vulnerability Details

OSV

trytond arbitrary fields write via a sequence of records↗2022-05-14

▶

GHSA

trytond arbitrary fields write via a sequence of records↗2022-05-14

▶

OSV

CVE-2015-0861: model/modelstorage↗2016-04-13

▶

📋Vendor Advisories

Debian

CVE-2015-0861: tryton-server - model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x ...↗2015

▶

💬Community

Bugzilla

CVE-2015-0861 trytond: Missing checks of access permissions when writing to record fields [fedora-all]↗2015-12-21

▶

Bugzilla

CVE-2015-0861 trytond: Missing checks of access permissions when writing to record fields↗2015-12-21

▶

Bugzilla

CVE-2015-0861 trytond: Missing checks of access permissions when writing to record fields [epel-all]↗2015-12-21

▶