CVE-2016-1242 – trytond
Package
Manager: pip
Name: trytond
Vulnerable Version: >=0 <3.2.17 || >=3.4 <3.4.14 || >=3.6 <3.6.12 || >=3.8 <3.8.8 || >=4.0 <4.0.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00213 (percentile 0.43825)
Details
`file_open` in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Metadata
Created: 2022-05-17T03:05:04Z
Modified: 2024-11-22T18:17:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jpr7-8rxm-4vgx/GHSA-jpr7-8rxm-4vgx.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-jpr7-8rxm-4vgx
Finding: F310
Auto approve: 1