Medium severity4.3NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026

CVE-2015-0861

Description

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
trytondPyPI	>= 3.2.0, < 3.2.10	3.2.10
trytondPyPI	>= 3.4.0, < 3.4.8	3.4.8
trytondPyPI	>= 3.6.0, < 3.6.5	3.6.5
trytondPyPI	>= 3.8.0, < 3.8.1	3.8.1

Affected products

Tryton/Trytond
cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*
Range: >=3.2.0,<3.2.10
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.tryton.org/issue5167nvdExploitVendor AdvisoryWEB
www.debian.org/security/2015/dsa-3425nvdVendor AdvisoryWEB
www.tryton.org/posts/security-release-for-issue5167.htmlnvdVendor AdvisoryWEB
github.com/advisories/GHSA-c8q5-2j73-qvccghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-0861ghsaADVISORY
foss.heptapod.net/tryton/tryton/-/commit/06230c381593c79766c4d8dcc92da3391e3acad2ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-11.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000