Description: file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.7 | Impact: 3.6
Attack Vector: Network
Complexity: High
Privileges: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Affected Packages: 3 packages
🔴 Vulnerability Details: 6
GHSA: Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter (2022-05-17)
OSV: Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter (2022-05-17)
OSV: Tryton Information Disclosure Vulnerability (2022-05-13)
GHSA: Tryton Information Disclosure Vulnerability (2022-05-13)
OSV: CVE-2017-0360: file_open in Tryton 3 (2017-04-04)
📋 Vendor Advisories: 2
Debian: CVE-2017-0360: tryton-server - file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users ... (2017)
Debian: CVE-2016-1242: tryton-server - file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8... (2016)
🕵️ Threat Intelligence: 1
Wiz: CVE-2020-37014 Impact, Exploitability, and Mitigation Steps | Wiz
💬 Community: 4
Bugzilla: CVE-2017-0360 tryton: file_open does not sanitize all cases (2017-04-05)
Bugzilla: CVE-2016-1242 tryton: admin user able to access all files on system (2016-09-08)
Bugzilla: CVE-2016-1241 CVE-2016-1242 tryton: various flaws [epel-all] (2016-09-08)
Bugzilla: CVE-2016-1241 CVE-2016-1242 tryton: various flaws [fedora-all] (2016-09-08)