Опубликовано: 23 апр. 2022
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
trytond Incorrect Authorization vulnerability
trytond 2.4: ModelView.button fails to validate authorization.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-2238
- https://github.com/tryton/trytond/commit/4509595762da0c08fdf182e2bdf952cbbe300667
- https://github.com/tryton/trytond/commit/96cd5d58ea82fb746b42dc2ebde9b8f531368d53
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78435
- https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2019-211.yaml
- https://security-tracker.debian.org/tracker/CVE-2012-2238
- https://web.archive.org/web/20200229115241/https://www.securityfocus.com/bid/55503
- http://hg.tryton.org/2.4/trytond/rev/279f0031b461
- http://www.openwall.com/lists/oss-security/2012/09/11/10
Пакеты
Наименование
trytond
pip
Затронутые версииВерсия исправления
>= 2.4.0, < 2.4.2
2.4.2
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 6 лет назад
trytond 2.4: ModelView.button fails to validate authorization
CVSS3: 7.5
nvd
около 6 лет назад
trytond 2.4: ModelView.button fails to validate authorization
CVSS3: 7.5
debian
около 6 лет назад
trytond 2.4: ModelView.button fails to validate authorization