Описание
Tryton allows users to read the hashed password
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-1241
- https://github.com/tryton/trytond/commit/11424d57b7838381745655e2e89470ff9087cd27
- https://github.com/tryton/trytond/commit/30d2a6dcaf09340829cd70ee8a15a4941ca7161a
- https://bugs.tryton.org/issue5795
- https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-40.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-12.yaml
- http://www.debian.org/security/2016/dsa-3656
- http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Пакеты
trytond
>= 3.0.0, < 3.2.17
3.2.17
trytond
>= 3.4.0, < 3.4.14
3.4.14
trytond
>= 3.8.0, < 3.8.8
3.8.8
trytond
>= 3.6.0, < 3.6.12
3.6.12
trytond
>= 4.0.0, < 4.0.4
4.0.4
Связанные уязвимости
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3. ...
Security update for GNU Health and it's dependencies