CVE-2017-0360

Published: 4 April 2017

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package: tryton-server (Launchpad, Ubuntu, Debian)

Release    Status
artful     Not vulnerable (4.2.1-2)
bionic     Not vulnerable (4.2.1-2)
cosmic     Not vulnerable (4.2.1-2)
disco      Not vulnerable (4.2.1-2)
eoan       Not vulnerable (4.2.1-2)
focal      Not vulnerable (4.2.1-2)
groovy     Not vulnerable (4.2.1-2)
hirsute    Not vulnerable (4.2.1-2)
impish     Not vulnerable (4.2.1-2)
jammy      Not vulnerable (4.2.1-2)
precise    Does not exist (precise was needs-triage)
trusty     Does not exist (trusty was needed)
upstream   Released (4.2.1-2)
xenial     Ignored (end of standard support, was needed)
yakkety    Ignored (reached end-of-life)
zesty      Not vulnerable (4.2.1-2)