CVE-2016-1242

MEDIUM

Tryton <3.2.17, <3.4.14, <3.6.12, <3.8.8, <4.0.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3656
Issue Tracking x_refsource_confirm
https://bugs.tryton.org/issue5808

Scores

CVSS v3 4.4
EPSS 0.0182
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (41)
pypi/trytond 0 - 3.2.17PyPI
tryton/tryton 4.0.0
tryton/tryton 4.0.1
tryton/tryton 4.0.2
tryton/tryton 4.0.3
tryton/tryton 3.8.0
tryton/tryton 3.8.1
tryton/tryton 3.8.2
tryton/tryton 3.8.3
tryton/tryton 3.8.4
... and 31 more
Published Sep 07, 2016
Tracked Since Feb 18, 2026