Main Vulnerability Database Vulnerabilities #VU40129

Information disclosure in Tryton - CVE-2016-1242

Published: September 7, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40129

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-1242

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Python.org

Affected software:
Tryton

Detailed vulnerability description

The vulnerability allows a remote privileged user to gain access to sensitive information.

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

How to mitigate CVE-2016-1242

Install update from vendor's website.

Sources

http://www.debian.org/security/2016/dsa-3656
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
https://bugs.tryton.org/issue5808

Information disclosure in Tryton - CVE-2016-1242

Detailed vulnerability description

How to mitigate CVE-2016-1242

Sources

Please verify you're human