An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
References
| Link | Resource |
|---|---|
| https://bugs.tryton.org/issue11219 | Exploit, Issue Tracking, Vendor Advisory |
| https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 | Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html | Mailing List, Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html | Mailing List, Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5098 | Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5099 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-07T22:40:11
Updated: 2022-03-11T14:06:17
Reserved: 2022-03-07T00:00:00
Link: CVE-2022-26661
NVD Information
Status: Analyzed
Published: 2022-03-10T17:47:52.213
Modified: 2022-03-18T14:46:01.787
Link: CVE-2022-26661
Redhat Information
No data.
CWE