CVE-2016-1241
MEDIUMTryton <3.2.17, <3.4.14, <3.6.12, <3.8.8, <4.0.4 - Info Disclosure
Title source: llmDescription
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Issue Tracking x_refsource_confirm
https://bugs.tryton.org/issue5795
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3656
Scores
CVSS v3
5.3
EPSS
0.0159
EPSS Percentile
72.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (41)
pypi/trytond
3.0.0 - 3.2.17PyPI
tryton/tryton
3.8.0
tryton/tryton
3.8.1
tryton/tryton
3.8.2
tryton/tryton
3.8.3
tryton/tryton
3.8.4
tryton/tryton
3.8.5
tryton/tryton
3.8.6
tryton/tryton
3.8.7
tryton/tryton
4.0.0
... and 31 more
Published
Sep 07, 2016
Tracked Since
Feb 18, 2026