Candidate: CVE-2012-0215
PublicDate: 2012-07-12 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0215
 http://news.tryton.org/2012/03/security-releases-for-all-supported.html
Description:
 model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.tryton.org/issue2476
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_tryton-server:
upstream_tryton-server: released (2.2.2-1)
hardy_tryton-server: DNE
lucid_tryton-server: ignored (reached end-of-life)
maverick_tryton-server: ignored (reached end-of-life)
natty_tryton-server: released (1.6.1-2+squeeze1build0.11.04.1)
oneiric_tryton-server: ignored (reached end-of-life)
precise_tryton-server: ignored (reached end-of-life)
precise/esm_tryton-server: DNE (precise was needed)
quantal_tryton-server: not-affected (2.2.3-1)
raring_tryton-server: not-affected (2.2.3-1)
saucy_tryton-server: not-affected (2.2.3-1)
trusty_tryton-server: not-affected (2.2.3-1)
trusty/esm_tryton-server: DNE (trusty was not-affected [2.2.3-1])
utopic_tryton-server: not-affected (2.2.3-1)
vivid_tryton-server: not-affected (2.2.3-1)
vivid/stable-phone-overlay_tryton-server: DNE
vivid/ubuntu-core_tryton-server: DNE
wily_tryton-server: not-affected (2.2.3-1)
xenial_tryton-server: not-affected (2.2.3-1)
yakkety_tryton-server: not-affected (2.2.3-1)
zesty_tryton-server: not-affected (2.2.3-1)
devel_tryton-server: not-affected (2.2.3-1)