file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:M/Au:S/C:P/I:N/A:N
Vendors | Products |
---|---|
Tryton |
References
Link | Resource |
---|---|
http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8 | |
http://www.debian.org/security/2017/dsa-3826 | |
http://www.securityfocus.com/bid/97489 | Third Party Advisory VDB Entry |
https://lists.debian.org/debian-security-announce/2017/msg00084.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2017-04-04T17:00:00
Updated: 2017-11-03T18:57:01
Reserved: 2016-11-29T00:00:00
Link: CVE-2017-0360
NVD Information
Status: Modified
Published: 2017-04-04T17:59:00.240
Modified: 2023-11-07T02:37:43.590
Link: CVE-2017-0360
Redhat Information
No data.
CWE