file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
References
Link | Resource |
---|---|
http://www.debian.org/security/2016/dsa-3656 | Third Party Advisory |
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html | Vendor Advisory |
https://bugs.tryton.org/issue5808 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2016-09-07T19:00:00
Updated: 2017-01-10T15:57:01
Reserved: 2015-12-27T00:00:00
Link: CVE-2016-1242
JSON object: View
NVD Information
Status : Modified
Published: 2016-09-07T19:28:01.677
Modified: 2017-01-13T02:59:02.900
Link: CVE-2016-1242
JSON object: View
Redhat Information
No data.
CWE