Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-0360 (GCVE-0-2017-0360)
Vulnerability from cvelistv5 – Published: 2017-04-04 17:00 – Updated: 2024-08-05 13:03
VLAI?
EPSS
Summary
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Severity ?
No CVSS data available.
CWE
- information disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | tryton-server before 3.4.0-3+deb8u3 |
Affected:
tryton-server before 3.4.0-3+deb8u3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:57.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3826",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "97489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tryton-server before 3.4.0-3+deb8u3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "tryton-server before 3.4.0-3+deb8u3"
}
]
}
],
"datePublic": "2017-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3826",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "97489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tryton-server before 3.4.0-3+deb8u3",
"version": {
"version_data": [
{
"version_value": "tryton-server before 3.4.0-3+deb8u3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3826",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"name": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"refsource": "CONFIRM",
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00084.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "97489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-0360",
"datePublished": "2017-04-04T17:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:03:57.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-7CWG-2575-3546
Vulnerability from github – Published: 2022-05-13 01:39 – Updated: 2024-11-18 22:54
VLAI?
Summary
Tryton Information Disclosure Vulnerability
Details
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Severity ?
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"last_affected": "3.0.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"last_affected": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.6.0"
},
{
"last_affected": "3.6.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.8.0"
},
{
"last_affected": "3.8.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.2"
},
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-0360"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:57:56Z",
"nvd_published_at": "2017-04-04T17:59:00Z",
"severity": "MODERATE"
},
"details": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.",
"id": "GHSA-7cwg-2575-3546",
"modified": "2024-11-18T22:54:23Z",
"published": "2022-05-13T01:39:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0360"
},
{
"type": "WEB",
"url": "https://github.com/tryton/trytond/commit/30e978593733385db3144f8c583eeb4679575cf0"
},
{
"type": "WEB",
"url": "https://github.com/tryton/trytond/commit/a67a7f03c30277515f530cad5950056171ed5bd1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2017-97.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tryton/trytond"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"type": "WEB",
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3826"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Tryton Information Disclosure Vulnerability"
}
PYSEC-2017-97
Vulnerability from pysec - Published: 2017-04-04 17:59 - Updated: 2021-08-27 03:22
VLAI?
Details
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Impacted products
| Name | purl | trytond | pkg:pypi/trytond |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond",
"purl": "pkg:pypi/trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3"
},
{
"fixed": "4.2.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.0",
"3.0.1",
"3.0.10",
"3.0.11",
"3.0.12",
"3.0.13",
"3.0.14",
"3.0.15",
"3.0.16",
"3.0.17",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.2.0",
"3.2.1",
"3.2.10",
"3.2.11",
"3.2.12",
"3.2.13",
"3.2.14",
"3.2.15",
"3.2.16",
"3.2.17",
"3.2.18",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.2.6",
"3.2.7",
"3.2.8",
"3.2.9",
"3.4.0",
"3.4.1",
"3.4.10",
"3.4.11",
"3.4.12",
"3.4.13",
"3.4.14",
"3.4.15",
"3.4.16",
"3.4.17",
"3.4.18",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.4.6",
"3.4.7",
"3.4.8",
"3.4.9",
"3.6.0",
"3.6.1",
"3.6.10",
"3.6.11",
"3.6.12",
"3.6.13",
"3.6.14",
"3.6.15",
"3.6.16",
"3.6.17",
"3.6.18",
"3.6.19",
"3.6.2",
"3.6.3",
"3.6.4",
"3.6.5",
"3.6.6",
"3.6.7",
"3.6.8",
"3.6.9",
"3.8.0",
"3.8.1",
"3.8.10",
"3.8.11",
"3.8.12",
"3.8.13",
"3.8.14",
"3.8.15",
"3.8.16",
"3.8.17",
"3.8.18",
"3.8.2",
"3.8.3",
"3.8.4",
"3.8.5",
"3.8.6",
"3.8.7",
"3.8.8",
"3.8.9",
"4.0.0",
"4.0.1",
"4.0.10",
"4.0.11",
"4.0.12",
"4.0.13",
"4.0.14",
"4.0.15",
"4.0.16",
"4.0.17",
"4.0.18",
"4.0.19",
"4.0.2",
"4.0.20",
"4.0.3",
"4.0.4",
"4.0.5",
"4.0.6",
"4.0.7",
"4.0.8",
"4.0.9",
"4.2.0",
"4.2.1",
"4.2.2"
]
}
],
"aliases": [
"CVE-2017-0360"
],
"details": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.",
"id": "PYSEC-2017-97",
"modified": "2021-08-27T03:22:48.689499Z",
"published": "2017-04-04T17:59:00Z",
"references": [
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"type": "WEB",
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97489"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2017/dsa-3826"
}
]
}
GSD-2017-0360
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-0360",
"description": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.",
"id": "GSD-2017-0360",
"references": [
"https://www.suse.com/security/cve/CVE-2017-0360.html",
"https://www.debian.org/security/2017/dsa-3826"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-0360"
],
"details": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.",
"id": "GSD-2017-0360",
"modified": "2023-12-13T01:21:00.371260Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tryton-server before 3.4.0-3+deb8u3",
"version": {
"version_data": [
{
"version_value": "tryton-server before 3.4.0-3+deb8u3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3826",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"name": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"refsource": "CONFIRM",
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00084.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "97489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97489"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=3.0.0,\u003c=3.0.17||\u003e=3.2.0,\u003c=3.2.17||\u003e=3.4.0,\u003c=3.4.17 ||\u003e=3.6.0,\u003c=3.6.16||\u003e=3.8.0,\u003c=3.8.14||\u003e=4.0.0,\u003c=4.0.9||\u003e=4.2.0,\u003c=4.2.2",
"affected_versions": "All versions starting from 3.0.0 up to 3.0.17, all versions starting from 3.2.0 up to 3.2.17, all versions starting from 3.4.0 up to 3.4.17, all versions starting from 3.6.0 up to 3.6.16, all versions starting from 3.8.0 up to 3.8.14, all versions starting from 4.0.0 up to 4.0.9, all versions starting from 4.2.0 up to 4.2.2",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-269",
"CWE-937"
],
"date": "2019-10-03",
"description": "`file_open` in Tryton allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack.",
"fixed_versions": [
"3.2.18",
"3.6.17",
"3.8.15",
"4.0.10",
"4.2.3"
],
"identifier": "CVE-2017-0360",
"identifiers": [
"CVE-2017-0360"
],
"not_impacted": "All versions before 3.0.0, all versions after 3.0.17 before 3.2.0, all versions after 3.2.17 before 3.4.0, all versions after 3.4.17 before 3.6.0, all versions after 3.6.16 before 3.8.0, all versions after 3.8.14 before 4.0.0, all versions after 4.0.9 before 4.2.0, all versions after 4.2.2",
"package_slug": "pypi/tryton",
"pubdate": "2017-04-04",
"solution": "Upgrade to versions 3.2.18, 3.6.17, 3.8.15, 4.0.10, 4.2.3 or above.",
"title": "Improper Privilege Management",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-0360",
"http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"http://www.securityfocus.com/bid/97489"
],
"uuid": "37b454da-f5e2-42bc-a435-32345dfa1e9c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-0360"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00084.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"name": "97489",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97489"
},
{
"name": "DSA-3826",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3826"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-04-04T17:59Z"
}
}
}
FKIE_CVE-2017-0360
Vulnerability from fkie_nvd - Published: 2017-04-04 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3BE0CB-5798-440A-99EA-84CFC4C26051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24879289-85DC-47F3-B102-F5242F2F98D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C9AA44-EEE7-4FFB-818E-516FAF3BB935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFD995D-50CE-444D-BFD9-1FEDF8A337DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "587F99E7-1BB0-4D34-9CF4-2CD7CFAD9459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16539C74-95DC-417A-83AF-D9C2CB468D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99BE0FAF-878E-4413-9D4F-1D11E46E3FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F213038-286C-4138-9E6A-2256D98FFE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA5BB77-15D2-4DB3-B612-D2BA2F6B37A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0409E1A5-D0B1-44D5-B997-6AEBE324B26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4069DF96-E8A8-4BE1-87CA-BB018511BB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "494F67A7-92EE-4E37-878B-F7B248B47FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D5CBC4-6BBF-4D40-95D3-079685D5CD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "909F40C4-7FC8-452F-8C8F-7423D2BC1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "96B2D6AD-A9C5-4550-924D-421CA8C5661C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "19D3A96B-C26E-462A-ADB7-7E034EE49E4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "76AC5C00-C930-43EF-985A-573DF58BC0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CD69E0-EED5-44A7-93B5-FD0606405099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66CA992-A721-43C1-975E-13408D0BCC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9FEF0C-1832-48AE-8DA6-13B9DD5D0714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C335C4A2-410B-4BCD-9885-E50FC97074DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F4A664-E6F7-406E-95B3-2DCB3C634DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20AC1330-FD90-41E2-B8D4-C1FB3440ABC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FCDE6E-9B0D-4FAA-AA5F-B5DC55E83324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CF2DAD-2DC2-4F7B-B9C2-55D0ECEC89CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8D4B9-3AEC-41B5-ACB7-F7BE58520174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B618440C-15B0-4578-A590-9E72371B7C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5960FA55-5FAC-4E12-AC6C-01A62815B992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DF0ACF-E916-439C-B818-CD6F756DBBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D73CD6B-6C41-417C-ABE9-FDFEB7F9E7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "901AB7CF-610F-43C9-A0D9-6F17D2F2EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD395ED-F4B4-4413-B906-888532100F78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5A6EA0-898D-41A3-B2E9-A3E27C9130D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9F93FFA0-1DE6-46AB-8FE3-200DC05DC53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "090FF1F7-66F6-47B0-BB3C-98CED35A63B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E073DC5B-C6EC-42DD-BFE0-CF166881B6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBACDA2-4A24-4E94-A97D-CE35BD2260DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F4CB60-AC83-4B8C-9378-DD3A0B073A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "820DCFC1-B82D-4F9F-A9C2-00693BB4A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C780E6-F84E-4AF9-977E-A2355773C0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D1D2EF-BDA5-45F8-AA65-829E388D60BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C31E9-5A60-4CEE-BF09-DF1980BFFDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "983F41DE-2696-480C-89BE-C8F9DC8F9DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9BB6FB-98FE-4065-AE4F-49DE1FA82EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C82B8CF-F5A9-47CA-B142-BF5615744F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38032178-B351-488D-8AFE-44B367331613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31F5A3E2-12F3-42AF-80B3-41AF54D4D668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6D2C93-E66F-4A62-94C2-8A44C83FA3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEABCB83-257F-4791-95C1-07B28C07E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6331C335-1E73-4A58-B4D8-DD32E707DA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17112766-1580-4705-8CFD-25612431EDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "66770DDE-3B3D-4B05-B36C-C1CE88673736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB9529D-CDD9-46DC-80D5-52CA49B22B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "20199A2F-13DE-4AA7-8469-2A817160038D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2E5ED5-1490-49C4-B484-97020B90E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C55F574-5734-4131-B7FA-7C3B72A34366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "785A1D6A-52BD-4EA0-9FEA-805F4CF8F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "982F55FA-230E-486D-857D-A47C5580A98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3868F007-E794-47BA-A6C2-4D5572F607D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5569A138-B8A1-4782-9E21-8189C614A8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B70AD-3197-4BF3-A650-FE7932380FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99CED877-4F45-4485-9890-00B65593223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "67A47C56-D2BA-460A-B3AD-91BD830E31C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F1651341-2B35-48B5-8B51-9935260EFFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6E60BF36-AD7B-4198-AF3E-72B62572D194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB2741E-31D0-4FE0-90FC-F9AFCDA60FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA1B86C-6A53-444E-96A2-4AF29CE20C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA91581-4170-41C4-A55F-A5F93538A146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B7338242-710D-4AC3-8621-01CDC7CDD420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3D72CDA5-8581-4221-9B28-9AB040D5AF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "85B7C654-09B0-49E1-B9F1-A4677706EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "618FF838-56E3-4087-AD2D-FE8677740400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A90168D0-DADF-4AD2-81F6-10F5FC4BAB88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78EB89CB-07F2-44AE-B99F-DAAC81FE7D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98756804-6B53-4BD0-89D0-573905D83B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E82011DD-1E22-4969-BCFA-95FD9C995CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75573741-4CF9-4465-BED6-6C296754FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C02E22AF-5768-41CC-AF93-A4A1FCB22C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B471B78-0232-40A1-AD89-55FF000297FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E73FB76-3704-4D60-A9ED-DD412E4294BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "468B866F-AE51-42B0-906F-FDD5F7533141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "664D1CA5-7169-4E6D-AC41-DC867EDBA91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AB720FD3-6527-4081-8959-AAA85E275264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "37E8E5EE-657A-415D-AE1C-DE725344E325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1138CC-3C59-45FB-BADF-A329B082ED22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B8612F05-E1EF-4B5F-8E37-09506E84BAA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6730B739-B7EF-495D-8256-F552FAAAB588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F95728E5-B5C5-4C9D-807E-535726C9886B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44C9A34B-FAC8-454C-8C87-908B3A5B54D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5A0CD6-9D95-4C6F-B566-5347391E87AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D81B3FD5-97E1-4621-A832-2E9AD79FE0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD46BD3-D489-43F1-ACDF-019533F1EFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC409228-5D3C-4612-B757-0440AA8AE4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64772E1F-9F56-4F13-BFBC-E21BB015DC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE692AA6-C1BB-48A7-91EB-97B283306B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "75737945-8A14-45E2-936E-CAF3ABA5F674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56A8D4C7-CDFF-437C-914A-69F05B5D1AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C95F366-D7C0-4526-9F97-AC2A86E93BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "258679B3-C370-4BF2-BA7F-E91285FE7988",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
},
{
"lang": "es",
"value": "Archivo abierto en Tryton 3.x y 4.x hasta la versi\u00f3n 4.2.2 permite a los usuarios autenticados remotos con ciertos permisos leer archivos arbitrarios mediante un ataque de \"mismo nombre de ra\u00edz pero con sufijo\". NOTA: Esta vulnerabilidad existe debido a una correcci\u00f3n incompleta para CVE-2016-1242."
}
],
"id": "CVE-2017-0360",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-04T17:59:00.240",
"references": [
{
"source": "security@debian.org",
"url": "http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97489"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2017-10740
Vulnerability from cnvd - Published: 2017-06-22
VLAI Severity ?
Title
Tryton任意文件读取漏洞
Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton 3.x版本和4.x版本至4.2.2版本中的file_open存在安全漏洞。远程攻击者可利用该漏洞读取任意文件。
Severity
低
Patch Name
Tryton任意文件读取漏洞的补丁
Patch Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton 3.x版本和4.x版本至4.2.2版本中的file_open存在安全漏洞。远程攻击者可利用该漏洞读取任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://lists.debian.org/debian-security-announce/2017/msg00084.html
Reference
http://www.securityfocus.com/bid/97489
https://nvd.nist.gov/vuln/detail/CVE-2017-0360
Impacted products
| Name | ['Tryton trytond 3.*', 'Tryton trytond 4.*,<=4.2.2'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "97489"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-0360",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0360"
}
},
"description": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton 3.x\u7248\u672c\u548c4.x\u7248\u672c\u81f34.2.2\u7248\u672c\u4e2d\u7684file_open\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
"discovererName": "Tryton",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://lists.debian.org/debian-security-announce/2017/msg00084.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-10740",
"openTime": "2017-06-22",
"patchDescription": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton 3.x\u7248\u672c\u548c4.x\u7248\u672c\u81f34.2.2\u7248\u672c\u4e2d\u7684file_open\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Tryton\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Tryton trytond 3.*",
"Tryton trytond 4.*\uff0c\u003c=4.2.2"
]
},
"referenceLink": "http://www.securityfocus.com/bid/97489\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0360",
"serverity": "\u4f4e",
"submitTime": "2017-05-24",
"title": "Tryton\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…