PT-2017-10548 · Tryton · Tryton

Published 2017-04-04 · Updated 2022-05-13 · CVE-2017-0360

CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Tryton versions 3.x through 4.2.2

Description: The issue allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. This is due to an incomplete fix for a previous issue.

Recommendations: For Tryton versions 3.x through 4.2.2, consider restricting file access permissions to minimize the risk of exploitation until a complete fix is available. As a temporary workaround, limit the ability of authenticated users to read files through the file open function.
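To make the "same root name but with a suffix" pattern concrete from the defender's side, the following added example (written for this page, not Tryton's own code) contrasts a containment check that only compares string prefixes of the resolved path with one that requires the root to be followed by a path separator. It assumes the defect class is a plain prefix comparison on the normalised path; the root directory and the request paths are constructed for illustration and do not come from the advisory.

```python
import posixpath

# Constructed root directory for the illustration (assumption; not a real Tryton install path).
ROOT = "/srv/app/data"

# Constructed sample requests (not from the advisory): one legitimate read,
# two sibling-directory requests whose name merely extends the root's name,
# and one ordinary traversal that both checks already reject.
SAMPLE_REQUESTS = [
    "/srv/app/data/report.odt",
    "/srv/app/data_backup/secret.txt",
    "/srv/app/data/../data_backup/secret.txt",
    "/srv/app/data/../../etc/passwd",
]


def is_within_root_weak(root, path):
    """Prefix-only containment check (assumed defect class).

    abspath() collapses '..' segments, but comparing the result with
    startswith() also accepts any sibling whose name begins with the
    root's name, e.g. /srv/app/data_backup for root /srv/app/data.
    """
    root_abs = posixpath.abspath(root)
    path_abs = posixpath.abspath(path)
    return path_abs.startswith(root_abs)


def is_within_root(root, path):
    """Hardened containment check.

    The resolved path must be the root itself or have the root followed by
    a separator as its prefix, so a longer sibling name no longer matches.
    """
    root_abs = posixpath.abspath(root)
    path_abs = posixpath.abspath(path)
    return path_abs == root_abs or path_abs.startswith(root_abs + "/")


def evaluate(root, requests):
    """Return {request: (weak_verdict, hardened_verdict)} for each request."""
    return {p: (is_within_root_weak(root, p), is_within_root(root, p)) for p in requests}


if __name__ == "__main__":
    for path, (weak, hardened) in evaluate(ROOT, SAMPLE_REQUESTS).items():
        print(f"{path:45} weak={weak!s:5} hardened={hardened}")
```

Run the module directly to print both verdicts for each constructed request; the two sibling-directory paths are the ones the prefix-only check wrongly accepts. Where the served directory may contain symlinks, resolve both sides with os.path.realpath before comparing, since abspath only normalises the string and never consults the filesystem.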

Fix

Weakness Enumeration

Improper Privilege Management

Related identifiers

CVE-2017-0360
DLA-882-1
DSA-3826-1
GHSA-7CWG-2575-3546
PYSEC-2017-97

Affected products

Tryton