Tryton · Tryton · CVE-2019-10868
**Name of the Vulnerable Software and Affected Versions**
Tryton versions 4.2 through 4.2.20
Tryton versions 4.4 through 4.4.18
Tryton versions 4.6 through 4.6.13
Tryton versions 4.8 through 4.8.9
Tryton versions 5.0 through 5.0.5
**Description**
The flaw is in the `modelstorage.py` component of the Tryton platform: an authenticated user can order records by a field for which they have no access right. The resulting order may let the user guess values, potentially disclosing protected information.
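The following is an added illustration, not code from Tryton or from this advisory: a standalone Python model of the flaw class, showing a search that filters only the returned columns beside one that also checks read access on every field named in the order clause. The record data, the `READABLE` access table and all function names are assumptions made for the example.

```python
# Added illustration: a standalone model of the flaw class, not Tryton code.
# Records, field names and the access table are constructed sample data.

class AccessError(Exception):
    """Raised when a search references a field the user may not read."""

# Constructed sample data: 'salary' is the protected field.
RECORDS = [
    {"id": 1, "name": "alice", "salary": 5200},
    {"id": 2, "name": "bob", "salary": 3100},
    {"id": 3, "name": "carol", "salary": 7400},
]
READABLE = {"clerk": {"id", "name"}, "hr": {"id", "name", "salary"}}


def _sort(records, order):
    rows = list(records)
    # Apply clauses right to left so the first clause is the primary key.
    for field, direction in reversed(order):
        rows.sort(key=lambda r: r[field], reverse=direction.upper() == "DESC")
    return rows


def _project(rows, user):
    # Return only the columns the user is allowed to read.
    return [{f: r[f] for f in sorted(READABLE[user])} for r in rows]


def search_unchecked(user, order):
    """Pre-fix behaviour: only the returned columns are filtered."""
    return _project(_sort(RECORDS, order), user)


def search_checked(user, order):
    """Hardened: every field named in the order clause must be readable."""
    for field, direction in order:
        if direction.upper() not in ("ASC", "DESC"):
            raise ValueError("bad direction: %r" % direction)
        if field not in READABLE[user]:
            raise AccessError("no read access on field %r" % field)
    return _project(_sort(RECORDS, order), user)
```

In the unchecked variant the protected column never appears in the output, yet the row order still reflects it, which is why the access check has to cover the order clause as well as the selected fields.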
**Recommendations**
For Tryton versions 4.2 through 4.2.20, update to version 4.2.21 or later.
For Tryton versions 4.4 through 4.4.18, update to version 4.4.19 or later.
For Tryton versions 4.6 through 4.6.13, update to version 4.6.14 or later.
For Tryton versions 4.8 through 4.8.9, update to version 4.8.10 or later.
For Tryton versions 5.0 through 5.0.5, update to version 5.0.6 or later.