Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1242 (GCVE-0-2016-1242)
Vulnerability from cvelistv5 – Published: 2016-09-07 19:00 – Updated: 2024-08-05 22:48
VLAI?
EPSS
Summary
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "DSA-3656",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.tryton.org/issue5808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-10T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "DSA-3656",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.tryton.org/issue5808"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"name": "https://bugs.tryton.org/issue5808",
"refsource": "CONFIRM",
"url": "https://bugs.tryton.org/issue5808"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1242",
"datePublished": "2016-09-07T19:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2016-1242
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1242",
"description": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",
"id": "GSD-2016-1242",
"references": [
"https://www.suse.com/security/cve/CVE-2016-1242.html",
"https://www.debian.org/security/2016/dsa-3656"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1242"
],
"details": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",
"id": "GSD-2016-1242",
"modified": "2023-12-13T01:21:24.713316Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"name": "https://bugs.tryton.org/issue5808",
"refsource": "CONFIRM",
"url": "https://bugs.tryton.org/issue5808"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1242"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.tryton.org/issue5808",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5808"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-01-13T02:59Z",
"publishedDate": "2016-09-07T19:28Z"
}
}
}
PYSEC-2016-13
Vulnerability from pysec - Published: 2016-09-07 19:28 - Updated: 2021-10-12 02:55
VLAI?
Details
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Impacted products
| Name | purl | trytond | pkg:pypi/trytond |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond",
"purl": "pkg:pypi/trytond"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.17"
},
{
"introduced": "3.4"
},
{
"fixed": "3.4.14"
},
{
"introduced": "3.6"
},
{
"fixed": "3.6.12"
},
{
"introduced": "3.8"
},
{
"fixed": "3.8.8"
},
{
"introduced": "4.0"
},
{
"fixed": "4.0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"1.2.0",
"1.2.1",
"1.2.10",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.4.0",
"1.4.1",
"1.4.10",
"1.4.11",
"1.4.12",
"1.4.13",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.6.0",
"1.6.1",
"1.6.10",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.8.0",
"1.8.1",
"1.8.10",
"1.8.11",
"1.8.2",
"1.8.3",
"1.8.4",
"1.8.5",
"1.8.6",
"1.8.7",
"1.8.8",
"1.8.9",
"2.0.0",
"2.0.1",
"2.0.10",
"2.0.11",
"2.0.12",
"2.0.13",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8",
"2.0.9",
"2.2.0",
"2.2.1",
"2.2.10",
"2.2.11",
"2.2.12",
"2.2.13",
"2.2.14",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2.9",
"2.4.0",
"2.4.1",
"2.4.10",
"2.4.11",
"2.4.12",
"2.4.13",
"2.4.14",
"2.4.15",
"2.4.16",
"2.4.2",
"2.4.3",
"2.4.4",
"2.4.5",
"2.4.6",
"2.4.7",
"2.4.8",
"2.4.9",
"2.6.0",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.17",
"2.6.18",
"2.6.2",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.8.0",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.2",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"3.0.0",
"3.0.1",
"3.0.10",
"3.0.11",
"3.0.12",
"3.0.13",
"3.0.14",
"3.0.15",
"3.0.16",
"3.0.17",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.2.0",
"3.2.1",
"3.2.10",
"3.2.11",
"3.2.12",
"3.2.13",
"3.2.14",
"3.2.15",
"3.2.16",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.2.6",
"3.2.7",
"3.2.8",
"3.2.9",
"3.4.0",
"3.4.1",
"3.4.10",
"3.4.11",
"3.4.12",
"3.4.13",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.4.6",
"3.4.7",
"3.4.8",
"3.4.9",
"3.6.0",
"3.6.1",
"3.6.10",
"3.6.11",
"3.6.2",
"3.6.3",
"3.6.4",
"3.6.5",
"3.6.6",
"3.6.7",
"3.6.8",
"3.6.9",
"3.8.0",
"3.8.1",
"3.8.2",
"3.8.3",
"3.8.4",
"3.8.5",
"3.8.6",
"3.8.7",
"4.0.0",
"4.0.1",
"4.0.2",
"4.0.3"
]
}
],
"aliases": [
"CVE-2016-1242"
],
"details": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",
"id": "PYSEC-2016-13",
"modified": "2021-10-12T02:55:35.639640Z",
"published": "2016-09-07T19:28:00Z",
"references": [
{
"type": "WEB",
"url": "https://bugs.tryton.org/issue5808"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "WEB",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
]
}
PYSEC-2016-41
Vulnerability from pysec - Published: 2016-09-07 19:28 - Updated: 2024-11-21 14:23
VLAI?
Details
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Severity ?
4.4 (Medium)
Impacted products
| Name | purl | tryton | pkg:pypi/tryton |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tryton",
"purl": "pkg:pypi/tryton"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"1.2.0",
"1.2.1",
"1.2.10",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.4.0",
"1.4.1",
"1.4.10",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.6.0",
"1.6.1",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.8.0",
"1.8.1",
"1.8.2",
"1.8.3",
"1.8.4",
"1.8.5",
"1.8.6",
"1.8.7",
"1.8.8",
"1.8.9",
"2.0.0",
"2.0.1",
"2.0.10",
"2.0.11",
"2.0.12",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8",
"2.0.9",
"2.2.0",
"2.2.1",
"2.2.10",
"2.2.11",
"2.2.12",
"2.2.13",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2.9",
"2.4.0",
"2.4.1",
"2.4.10",
"2.4.11",
"2.4.12",
"2.4.13",
"2.4.14",
"2.4.15",
"2.4.16",
"2.4.2",
"2.4.3",
"2.4.4",
"2.4.5",
"2.4.6",
"2.4.7",
"2.4.8",
"2.4.9",
"2.6.0",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.2",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.8.0",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.2",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"3.0.0",
"3.0.1",
"3.0.10",
"3.0.11",
"3.0.12",
"3.0.13",
"3.0.14",
"3.0.15",
"3.0.16",
"3.0.17",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.2.0",
"3.2.1",
"3.2.10",
"3.2.11",
"3.2.12",
"3.2.13",
"3.2.14",
"3.2.15",
"3.2.16",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.2.6",
"3.2.7",
"3.2.8",
"3.2.9"
]
}
],
"aliases": [
"CVE-2016-1242"
],
"details": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",
"id": "PYSEC-2016-41",
"modified": "2024-11-21T14:23:02.083165+00:00",
"published": "2016-09-07T19:28:00+00:00",
"references": [
{
"type": "REPORT",
"url": "https://bugs.tryton.org/issue5808"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "ADVISORY",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
],
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2016-1242
Vulnerability from fkie_nvd - Published: 2016-09-07 19:28 - Updated: 2025-04-12 10:46
Severity ?
Summary
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tryton | tryton | 4.0.0 | |
| tryton | tryton | 4.0.1 | |
| tryton | tryton | 4.0.2 | |
| tryton | tryton | 4.0.3 | |
| tryton | tryton | * | |
| tryton | tryton | 3.8.0 | |
| tryton | tryton | 3.8.1 | |
| tryton | tryton | 3.8.2 | |
| tryton | tryton | 3.8.3 | |
| tryton | tryton | 3.8.4 | |
| tryton | tryton | 3.8.5 | |
| tryton | tryton | 3.8.6 | |
| tryton | tryton | 3.8.7 | |
| tryton | tryton | 3.4.0 | |
| tryton | tryton | 3.4.1 | |
| tryton | tryton | 3.4.2 | |
| tryton | tryton | 3.4.3 | |
| tryton | tryton | 3.4.4 | |
| tryton | tryton | 3.4.5 | |
| tryton | tryton | 3.4.6 | |
| tryton | tryton | 3.4.7 | |
| tryton | tryton | 3.4.8 | |
| tryton | tryton | 3.4.9 | |
| tryton | tryton | 3.4.10 | |
| tryton | tryton | 3.4.11 | |
| tryton | tryton | 3.4.12 | |
| tryton | tryton | 3.4.13 | |
| tryton | tryton | 3.8.4 | |
| tryton | tryton | 3.2.0 | |
| tryton | tryton | 3.6.0 | |
| tryton | tryton | 3.6.1 | |
| tryton | tryton | 3.6.2 | |
| tryton | tryton | 3.6.3 | |
| tryton | tryton | 3.6.4 | |
| tryton | tryton | 3.6.5 | |
| tryton | tryton | 3.6.6 | |
| tryton | tryton | 3.6.7 | |
| tryton | tryton | 3.6.8 | |
| tryton | tryton | 3.6.9 | |
| tryton | tryton | 3.6.10 | |
| tryton | tryton | 3.6.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6730B739-B7EF-495D-8256-F552FAAAB588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F95728E5-B5C5-4C9D-807E-535726C9886B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44C9A34B-FAC8-454C-8C87-908B3A5B54D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5A0CD6-9D95-4C6F-B566-5347391E87AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF963655-95EE-47FF-AB6C-1C647D4C23E0",
"versionEndIncluding": "3.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "618FF838-56E3-4087-AD2D-FE8677740400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A90168D0-DADF-4AD2-81F6-10F5FC4BAB88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78EB89CB-07F2-44AE-B99F-DAAC81FE7D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98756804-6B53-4BD0-89D0-573905D83B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E82011DD-1E22-4969-BCFA-95FD9C995CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75573741-4CF9-4465-BED6-6C296754FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C02E22AF-5768-41CC-AF93-A4A1FCB22C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B471B78-0232-40A1-AD89-55FF000297FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBACDA2-4A24-4E94-A97D-CE35BD2260DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F4CB60-AC83-4B8C-9378-DD3A0B073A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "820DCFC1-B82D-4F9F-A9C2-00693BB4A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C780E6-F84E-4AF9-977E-A2355773C0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D1D2EF-BDA5-45F8-AA65-829E388D60BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C31E9-5A60-4CEE-BF09-DF1980BFFDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "983F41DE-2696-480C-89BE-C8F9DC8F9DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9BB6FB-98FE-4065-AE4F-49DE1FA82EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C82B8CF-F5A9-47CA-B142-BF5615744F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38032178-B351-488D-8AFE-44B367331613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31F5A3E2-12F3-42AF-80B3-41AF54D4D668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6D2C93-E66F-4A62-94C2-8A44C83FA3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEABCB83-257F-4791-95C1-07B28C07E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6331C335-1E73-4A58-B4D8-DD32E707DA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E82011DD-1E22-4969-BCFA-95FD9C995CCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66CA992-A721-43C1-975E-13408D0BCC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2E5ED5-1490-49C4-B484-97020B90E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C55F574-5734-4131-B7FA-7C3B72A34366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "785A1D6A-52BD-4EA0-9FEA-805F4CF8F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "982F55FA-230E-486D-857D-A47C5580A98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3868F007-E794-47BA-A6C2-4D5572F607D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5569A138-B8A1-4782-9E21-8189C614A8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B70AD-3197-4BF3-A650-FE7932380FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99CED877-4F45-4485-9890-00B65593223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "67A47C56-D2BA-460A-B3AD-91BD830E31C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F1651341-2B35-48B5-8B51-9935260EFFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6E60BF36-AD7B-4198-AF3E-72B62572D194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB2741E-31D0-4FE0-90FC-F9AFCDA60FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors."
},
{
"lang": "es",
"value": "file_open en Tryton en versiones anteriores a 3.2.17, 3.4.x en versiones anteriores a 3.4.14, 3.6.x en versiones anteriores a 3.6.12, 3.8.x en versiones anteriores a 3.8.8 y 4.x en versiones anteriores a 4.0.4 permite a usuarios remotos autenticados con ciertos permisos leer archivos arbitrarios a trav\u00e9s del par\u00e1metro name o de otros vectores no especificados."
}
],
"id": "CVE-2016-1242",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:01.677",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5808"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JPR7-8RXM-4VGX
Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2024-11-22 18:17
VLAI?
Summary
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
Details
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Severity ?
4.4 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.4"
},
{
"fixed": "3.4.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.6"
},
{
"fixed": "3.6.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.8"
},
{
"fixed": "3.8.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "4.0"
},
{
"fixed": "4.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1242"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T16:39:47Z",
"nvd_published_at": "2016-09-07T19:28:00Z",
"severity": "MODERATE"
},
"details": "`file_open` in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",
"id": "GHSA-jpr7-8rxm-4vgx",
"modified": "2024-11-22T18:17:33Z",
"published": "2022-05-17T03:05:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1242"
},
{
"type": "WEB",
"url": "https://bugs.tryton.org/issue5808"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tryton/trytond"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "WEB",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter"
}
CNVD-2016-07359
Vulnerability from cnvd - Published: 2016-09-08
VLAI Severity ?
Title
Tryton信息泄露漏洞
Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton应用程序平台的服务器存在安全漏洞。攻击者可利用该漏洞造成信息泄露。
Severity
中
Patch Name
Tryton信息泄露漏洞的补丁
Patch Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton应用程序平台的服务器存在安全漏洞。攻击者可利用该漏洞造成信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://www.debian.org/security/2016/dsa-3656
Reference
https://www.debian.org/security/2016/dsa-3656
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Impacted products
| Name | Tryton trytond |
|---|
{
"bids": {
"bid": {
"bidNumber": "92910"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-1242"
}
},
"description": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u7684\u670d\u52a1\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
"discovererName": "unknown",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.debian.org/security/2016/dsa-3656",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-07359",
"openTime": "2016-09-08",
"patchDescription": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u7684\u670d\u52a1\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Tryton\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Tryton trytond"
},
"referenceLink": "https://www.debian.org/security/2016/dsa-3656\r\nhttp://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"serverity": "\u4e2d",
"submitTime": "2016-09-08",
"title": "Tryton\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…