CVE-2016-1241
MEDIUM5.3EPSS 0.18%tryton-server - security update
Published: 5/17/2022Modified: 4/28/2026
Description
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Affected packages (5)
- Debian/tryton-serverfrom 0, < 4.0.4-1
- Debian/tryton-serverfrom 0, < 3.4.0-3+deb8u2
- PyPI/trytonfrom 0, < 3.2.17
- PyPI/trytond>= 3.0.0, < 3.2.17
- PyPI/trytondfrom 0, < 3.2.17, >= 3.4, < 3.4.14, >= 3.6, < 3.6.12, >= 3.8, < 3.8.8, >= 4.0, < 4.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-1241
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-1241
- PATCHhttps://github.com/tryton/trytond
- WEBhttps://bugs.tryton.org/issue5795
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-12.yaml
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-40.yaml
- WEBhttps://github.com/tryton/trytond/commit/11424d57b7838381745655e2e89470ff9087cd27
- WEBhttps://github.com/tryton/trytond/commit/30d2a6dcaf09340829cd70ee8a15a4941ca7161a
- WEBhttp://www.debian.org/security/2016/dsa-3656
- WEBhttp://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html