CVE-2016-1241

MEDIUM

Tryton <3.2.17, <3.4.14, <3.6.12, <3.8.8, <4.0.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugs.tryton.org/issue5795
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3656

Scores

CVSS v3 5.3
EPSS 0.0159
EPSS Percentile 72.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (41)
pypi/trytond 3.0.0 - 3.2.17PyPI
tryton/tryton 3.8.0
tryton/tryton 3.8.1
tryton/tryton 3.8.2
tryton/tryton 3.8.3
tryton/tryton 3.8.4
tryton/tryton 3.8.5
tryton/tryton 3.8.6
tryton/tryton 3.8.7
tryton/tryton 4.0.0
... and 31 more
Published Sep 07, 2016
Tracked Since Feb 18, 2026