High severity · NVD Advisory · Published Jul 12, 2012 · Updated Jun 16, 2026
CVE-2012-0215
Description
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| trytond (PyPI) | < 2.4.0 | 2.4.0 |
Affected products
- cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:* (range: <=2.2.3)
- cpe:2.3:a:tryton:trytond:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:tryton:trytond:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:tryton:trytond:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:tryton:trytond:2.0.5:*:*:*:*:*:*:*
References
- hg.tryton.org/trytond/rev/8e64d52ecea4 [nvd: Exploit, Patch, WEB]
- news.tryton.org/2012/03/security-releases-for-all-supported.html [nvd: Vendor Advisory, WEB]
- github.com/advisories/GHSA-cqg4-rf29-3mv6 [ghsa: ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2012-0215 [ghsa: ADVISORY]
- www.debian.org/security/2012/dsa-2444 [nvd: WEB]
- bugs.tryton.org/issue2476 [nvd: WEB]
- github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2012-6.yaml [ghsa: WEB]
- github.com/tryton/trytond/commit/d059ebb792401ded3129cd9402d7392dc34b81e3 [ghsa: WEB]
- web.archive.org/web/20121113201043/http://news.tryton.org/2012/03/security-releases-for-all-supported.html [ghsa: WEB]