High severityNVD Advisory· Published Nov 21, 2019· Updated Aug 6, 2024

CVE-2012-2238

Description

trytond 2.4: ModelView.button fails to validate authorization

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
trytondPyPI	>= 2.4.0, < 2.4.2	2.4.2

Affected products

Tryton/Trytondv5
Range: ≤ 2.4

Patches

4509595762da

Fix search button clause in ModelButton.get_groups

https://github.com/tryton/trytondCédric KrierSep 10, 2012via ghsa

commit

2 files changed · +2 −1

CHANGELOG+1 −0 modified

@@ -1,3 +1,4 @@
+* Fix search button clause in ModelButton.get_groups (CVE-2012-2238)
 * Merge all kind of buttons
 * Use XML id for board action instead of id
 * Add states attribute to notebook

trytond/ir/model.py+1 −1 modified

@@ -555,7 +555,7 @@ def get_groups(self, model, name):
         Return a set of group ids for the named button on the model.
         '''
         button_ids = self.search([
-                ('model', '=', model),
+                ('model.model', '=', model),
                 ('name', '=', name),
                 ])
         if not button_ids:

96cd5d58ea82

Fix search button clause in ModelButton.get_groups

https://github.com/tryton/trytondCédric KrierSep 10, 2012via ghsa

commit

2 files changed · +3 −1

CHANGELOG+2 −0 modified

@@ -1,3 +1,5 @@
+* Fix search button clause in ModelButton.get_groups (CVE-2012-2238)
+
 Version 2.4.1 - 2012-04-24
 * Restore es_AR translation

trytond/ir/model.py+1 −1 modified

@@ -522,7 +522,7 @@ def get_groups(self, model, name):
         Return a set of group ids for the named button on the model.
         '''
         button_ids = self.search([
-                ('model', '=', model),
+                ('model.model', '=', model),
                 ('name', '=', name),
                 ])
         if not button_ids:

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-jfgc-5vh4-8rh5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-2238ghsaADVISORY
hg.tryton.org/2.4/trytond/rev/279f0031b461ghsax_refsource_MISCWEB
www.openwall.com/lists/oss-security/2012/09/11/10ghsax_refsource_MISCWEB
www.securityfocus.com/bid/55503mitrex_refsource_MISC
exchange.xforce.ibmcloud.com/vulnerabilities/78435ghsax_refsource_MISCWEB
github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2019-211.yamlghsaWEB
github.com/tryton/trytond/commit/4509595762da0c08fdf182e2bdf952cbbe300667ghsaWEB
github.com/tryton/trytond/commit/96cd5d58ea82fb746b42dc2ebde9b8f531368d53ghsaWEB
security-tracker.debian.org/tracker/CVE-2012-2238ghsax_refsource_MISCWEB
web.archive.org/web/20200229115241/https://www.securityfocus.com/bid/55503ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000