CVE-2016-1242
MEDIUMTryton <3.2.17, <3.4.14, <3.6.12, <3.8.8, <4.0.4 - Info Disclosure
Title source: llmDescription
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3656
Issue Tracking x_refsource_confirm
https://bugs.tryton.org/issue5808
Scores
CVSS v3
4.4
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (41)
pypi/trytond
0 - 3.2.17PyPI
tryton/tryton
4.0.0
tryton/tryton
4.0.1
tryton/tryton
4.0.2
tryton/tryton
4.0.3
tryton/tryton
3.8.0
tryton/tryton
3.8.1
tryton/tryton
3.8.2
tryton/tryton
3.8.3
tryton/tryton
3.8.4
... and 31 more
Published
Sep 07, 2016
Tracked Since
Feb 18, 2026