CVE-2016-1242
MEDIUM4.4EPSS 0.16%tryton-server - security update
Published: 5/17/2022Modified: 4/28/2026
Also known as:DEBIAN-CVE-2016-1242
Description
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Affected packages (5)
- Debian/tryton-serverfrom 0, < 4.0.4-1
- Debian/tryton-serverfrom 0, < 2.2.4-1+deb7u3
- PyPI/trytonfrom 0, < 3.2.17
- PyPI/trytondfrom 0, < 3.2.17
- PyPI/trytondfrom 0, < 3.2.17, >= 3.4, < 3.4.14, >= 3.6, < 3.6.12, >= 3.8, < 3.8.8, >= 4.0, < 4.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM4.4 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-1242
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-1242
- PATCHhttps://github.com/tryton/trytond
- WEBhttps://bugs.tryton.org/issue5808
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml
- WEBhttp://www.debian.org/security/2016/dsa-3656
- WEBhttp://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html