model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
References
Link | Resource |
---|---|
http://www.debian.org/security/2015/dsa-3425 | Vendor Advisory |
http://www.tryton.org/posts/security-release-for-issue5167.html | Vendor Advisory |
https://bugs.tryton.org/issue5167 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2016-04-13T15:00:00
Updated: 2016-04-13T14:57:01
Reserved: 2015-01-07T00:00:00
Link: CVE-2015-0861
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-04-13T15:59:00.133
Modified: 2019-02-01T16:42:15.603
Link: CVE-2015-0861
JSON object: View
Redhat Information
No data.
CWE