CVE-2015-0861

Published: Apr 13, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Affected (5)

Products: Tryton: Trytond · Debian: Debian Linux

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Tryton Trytond	From 3.2.0 to 3.2.10
Tryton Trytond	From 3.4.0 to 3.4.8
Tryton Trytond	From 3.6.0 to 3.6.5
Tryton Trytond	From 3.8.0 to 3.8.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-264

References (6)

http://www.debian.org/security/2015/dsa-3425

Source: security@debian.org

Vendor Advisory

http://www.tryton.org/posts/security-release-for-issue5167.html

Source: security@debian.org

Vendor Advisory

https://bugs.tryton.org/issue5167

Source: security@debian.org

ExploitVendor Advisory

http://www.debian.org/security/2015/dsa-3425

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.tryton.org/posts/security-release-for-issue5167.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.tryton.org/issue5167

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.