CVE-2016-1242
Published: 7 September 2016
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Priority
Medium
CVSS 3 base score: 4.4
Status
| Package | Release | Status |
|---|---|---|
|
tryton-server Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(4.0.4-1)
|
|
| cosmic |
Not vulnerable
(4.0.4-1)
|
|
| disco |
Not vulnerable
(4.0.4-1)
|
|
| eoan |
Not vulnerable
(4.0.4-1)
|
|
| focal |
Not vulnerable
(4.0.4-1)
|
|
| groovy |
Not vulnerable
(4.0.4-1)
|
|
| hirsute |
Not vulnerable
(4.0.4-1)
|
|
| impish |
Not vulnerable
(4.0.4-1)
|
|
| jammy |
Not vulnerable
(4.0.4-1)
|
|
| precise |
Does not exist
(precise was needs-triage)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(4.0.4-1)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
Patches: upstream: https://hg.tryton.org/trytond/rev/1cf79b978221 (4.0) upstream: https://hg.tryton.org/trytond/rev/922e8717c9d1 (trunk, tests) |
||