Python 'trytond' Module 'Many2Many' Field Security Bypass Vulnerability
BID:52804
Info
| Bugtraq ID: | 52804 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-0215 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Mar 19 2015 08:26AM |
| Credit: | Reported by the vendor. |
| Vulnerable: | Tryton trytond 2.2.1; Red Hat Fedora 17; Red Hat Fedora 16; Red Hat Fedora 15; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | Tryton trytond 2.2.2 |
Discussion
The 'trytond' module for Python is prone to a security-bypass vulnerability.
An authenticated attacker may exploit this issue to bypass certain security restrictions and gain elevated privileges. This may aid in further attacks.
Versions prior to trytond 2.2.2 are vulnerable.
http://drupal.org/node/207891
Exploit / POC
Attackers can use readily available tools to exploit this issue.
References
- Security Releases for all supported series (Tryton)
- trytond Module Download Page (Tryton)