File Access Vulnerability in Tryton by Open Source Community
CVE-2017-0360

5.3MEDIUM

Key Information:

Vendor

Tryton

Status
Tryton-server Before 3.4.0-3+deb8u3
Vendor
CVE Published:
4 April 2017

What is CVE-2017-0360?

The vulnerability allows remote authenticated users with specific permissions in Tryton 3.x and 4.x up to version 4.2.2 to exploit an inadequate fix from a prior vulnerability, permitting them to read arbitrary files via a 'same root name but with a suffix' attack. This oversight poses a significant risk to data confidentiality within affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

tryton-server before 3.4.0-3+deb8u3 tryton-server before 3.4.0-3+deb8u3

References

http://www.debian.org/security/2017/dsa-3826
vendor-advisoryx_refsource_DEBIAN
http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510f...
x_refsource_CONFIRM
https://lists.debian.org/debian-security-announce/2017/ms...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.