Описание
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tryton-server | fixed | 7.0.40-1 | package | |
| tryton-server | not-affected | bullseye | package |
Примечания
https://discuss.tryton.org/t/security-release-for-issue-14364/8952
https://foss.heptapod.net/tryton/tryton/-/issues/14364
Связанные уязвимости
CVSS3: 7.1
ubuntu
2 месяца назад
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVSS3: 7.1
nvd
2 месяца назад
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVSS3: 7.1
github
2 месяца назад
trytond does not enforce access rights for the route of the HTML editor.