CVE-2016-1242
MEDIUM 4.4 | EPSS 0.16% | tryton-server - security update
Published: 2022/5/17 | Modified: 2026/4/28
Description
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Affected packages (5)
- Debian/tryton-server: from 0, < 4.0.4-1
- Debian/tryton-server: from 0, < 2.2.4-1+deb7u3
- PyPI/tryton: from 0, < 3.2.17
- PyPI/trytond: from 0, < 3.2.17
- PyPI/trytond: from 0, < 3.2.17, >= 3.4, < 3.4.14, >= 3.6, < 3.6.12, >= 3.8, < 3.8.8, >= 4.0, < 4.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.4 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-1242
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2016-1242
- PATCH: https://github.com/tryton/trytond
- WEB: https://bugs.tryton.org/issue5808
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml
- WEB: http://www.debian.org/security/2016/dsa-3656
- WEB: http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html