Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-0215 | First vendor Publication | 2012-07-12 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.5 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0215 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15406 | |||
| Oval ID: | oval:org.mitre.oval:def:15406 | ||
| Title: | DSA-2444-1 tryton-server -- privilege escalation | ||
| Description: | It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2444-1 CVE-2012-0215 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tryton-server |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-30 | Name : Fedora Update for trytond FEDORA-2012-4923 File : nvt/gb_fedora_2012_4923_trytond_fc17.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2444-1 (tryton-server) File : nvt/deb_2444_1.nasl |
| 2012-04-11 | Name : Fedora Update for trytond FEDORA-2012-4963 File : nvt/gb_fedora_2012_4963_trytond_fc16.nasl |
| 2012-04-11 | Name : Fedora Update for trytond FEDORA-2012-4988 File : nvt/gb_fedora_2012_4988_trytond_fc15.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4923.nasl - Type : ACT_GATHER_INFO |
| 2012-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4963.nasl - Type : ACT_GATHER_INFO |
| 2012-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4988.nasl - Type : ACT_GATHER_INFO |
| 2012-03-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2444.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:01:09 |
|
| 2024-11-28 12:28:27 |
|
| 2021-05-05 01:09:53 |
|
| 2021-05-04 12:18:59 |
|
| 2021-04-22 01:22:42 |
|
| 2020-05-23 01:47:53 |
|
| 2020-05-23 00:32:37 |
|
| 2014-02-17 11:07:13 |
|
| 2013-05-10 22:31:56 |
|
