Описание
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.2.1-2 |
| bionic | not-affected | 4.2.1-2 |
| cosmic | not-affected | 4.2.1-2 |
| devel | not-affected | 4.2.1-2 |
| disco | not-affected | 4.2.1-2 |
| eoan | not-affected | 4.2.1-2 |
| esm-apps/bionic | not-affected | 4.2.1-2 |
| esm-apps/focal | not-affected | 4.2.1-2 |
| esm-apps/jammy | not-affected | 4.2.1-2 |
| esm-apps/noble | not-affected | 4.2.1-2 |
Показывать по
EPSS
3.5 Low
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authentica ...
EPSS
3.5 Low
CVSS2
5.3 Medium
CVSS3