Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python trytond security restriction bypass vulnerability
Vulnerability Description
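Python is an open-source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and runs on multiple platforms. The Python trytond module before version 2.4.0 contains a vulnerability that stems from a failure to properly validate access permissions on the "Many2Many" field in the relation model. An attacker can exploit this vulnerability to add users to other groups and obtain additional privileges.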
CVSS Information
N/A
Vulnerability Type
N/A