CVE-2016-1241 – trytond

Package

Manager: pip
Name: trytond
Vulnerable Version: >=3.0.0 <3.2.17 || >=3.4.0 <3.4.14 || >=3.8.0 <3.8.8 || >=3.6.0 <3.6.12 || >=4.0.0 <4.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00241 pctl0.47289

Details

Tryton allows users to read the hashed password Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

Metadata

Created: 2022-05-17T03:49:11Z
Modified: 2024-11-22T18:20:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-52j9-v3jc-9xgc/GHSA-52j9-v3jc-9xgc.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-52j9-v3jc-9xgc
Finding: F038
Auto approve: 1