Your submission was sent successfully! Close

CVE-2016-1242

Published: 7 September 2016

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

Priority

Medium

CVSS 3 base score: 4.4

Status

Package Release Status
tryton-server
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(4.0.4-1)
cosmic Not vulnerable
(4.0.4-1)
disco Not vulnerable
(4.0.4-1)
eoan Not vulnerable
(4.0.4-1)
focal Not vulnerable
(4.0.4-1)
groovy Not vulnerable
(4.0.4-1)
hirsute Not vulnerable
(4.0.4-1)
impish Not vulnerable
(4.0.4-1)
jammy Not vulnerable
(4.0.4-1)
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needed)
upstream
Released (4.0.4-1)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://hg.tryton.org/trytond/rev/1cf79b978221 (4.0)
upstream: https://hg.tryton.org/trytond/rev/922e8717c9d1 (trunk, tests)