CVE-2016-1242
Published: 7 September 2016
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Priority
CVSS 3 base score: 4.4
Status
Package | Release | Status |
---|---|---|
tryton-server Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
bionic |
Not vulnerable
(4.0.4-1)
|
|
cosmic |
Not vulnerable
(4.0.4-1)
|
|
disco |
Not vulnerable
(4.0.4-1)
|
|
eoan |
Not vulnerable
(4.0.4-1)
|
|
focal |
Not vulnerable
(4.0.4-1)
|
|
groovy |
Not vulnerable
(4.0.4-1)
|
|
hirsute |
Not vulnerable
(4.0.4-1)
|
|
impish |
Not vulnerable
(4.0.4-1)
|
|
jammy |
Not vulnerable
(4.0.4-1)
|
|
precise |
Does not exist
(precise was needs-triage)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(4.0.4-1)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
|
yakkety |
Ignored
(reached end-of-life)
|
|
zesty |
Ignored
(reached end-of-life)
|
|
Patches: upstream: https://hg.tryton.org/trytond/rev/1cf79b978221 (4.0) upstream: https://hg.tryton.org/trytond/rev/922e8717c9d1 (trunk, tests) |