PT-2019-2178 · Tryton · Tryton
Cedric Krier
Published 2019-04-02 · Updated 2020-08-26
CVE-2019-10868
CVSS v4.0: 7.1 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Tryton versions 4.2 through 4.2.20
Tryton versions 4.4 through 4.4.18
Tryton versions 4.6 through 4.6.13
Tryton versions 4.8 through 4.8.9
Tryton versions 5.0 through 5.0.5
Description
The issue lies in the modelstorage.py component of the Tryton platform, which accepts a caller-supplied ordering without checking field-level access. An authenticated user can therefore order records by a field they have no right to read. Because the resulting order reveals how the hidden values compare with one another, the user can infer or guess those values, potentially disclosing protected information.
Recommendations
For Tryton versions 4.2 through 4.2.20, update to version 4.2.21 or later.
For Tryton versions 4.4 through 4.4.18, update to version 4.4.19 or later.
For Tryton versions 4.6 through 4.6.13, update to version 4.6.14 or later.
For Tryton versions 4.8 through 4.8.9, update to version 4.8.10 or later.
For Tryton versions 5.0 through 5.0.5, update to version 5.0.6 or later.
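The following is an added, constructed example (not Tryton code and not code from this advisory) of the flaw class described above: a search routine that sorts on a caller-chosen field without checking that the caller may read it. It shows the ranking leak, then how the ordering becomes a comparison oracle that recovers a hidden value by bisection, and a hardened search that rejects the order field. The classes Table and Record, the FIELD_ACCESS map, AccessError, the salary field and all sample rows are assumptions made for the example.

```python
"""Constructed toy reproducing the class of flaw behind CVE-2019-10868: an ORM
search() that applies a caller-supplied `order` without checking that the
caller may read the field being sorted on. This is not Tryton code; Table,
Record, FIELD_ACCESS, AccessError and the sample data are invented here."""
from dataclasses import dataclass


class AccessError(Exception):
    pass


@dataclass
class Record:
    id: int
    name: str
    salary: int  # the field the low-privilege role must not read


# Constructed per-role, per-field permissions. Read and create are tracked
# separately (assumption: a role may be allowed to create a value it cannot
# read back, which is what turns the ordering leak into an oracle).
FIELD_ACCESS = {
    "manager": {"read": {"id", "name", "salary"}, "create": {"name", "salary"}},
    "clerk": {"read": {"id", "name"}, "create": {"name", "salary"}},
}

# Constructed sample rows.
SAMPLE_RECORDS = [Record(1, "alice", 5200), Record(2, "bob", 3100), Record(3, "carol", 7800)]


class Table:
    def __init__(self, records):
        self.records = list(records)

    def create(self, role, name, salary):
        for fname in ("name", "salary"):
            if fname not in FIELD_ACCESS[role]["create"]:
                raise AccessError(f"{role} may not create {fname}")
        rec = Record(max((r.id for r in self.records), default=0) + 1, name, salary)
        self.records.append(rec)
        return rec.id

    def delete(self, rec_id):
        self.records = [r for r in self.records if r.id != rec_id]

    def search_vulnerable(self, role, order):
        """The flaw: `role` is never consulted for the order field."""
        fname, direction = order
        # sorted() is stable, so rows with equal keys keep insertion order
        ordered = sorted(self.records, key=lambda r: getattr(r, fname),
                         reverse=(direction == "DESC"))
        return [r.id for r in ordered]

    def search_fixed(self, role, order):
        """Hardened variant: refuse to sort on a field the caller cannot read."""
        fname, _ = order
        if fname not in FIELD_ACCESS[role]["read"]:
            raise AccessError(f"{role} may not order by {fname}")
        return self.search_vulnerable(role, order)


def make_sample_table():
    return Table(SAMPLE_RECORDS)


def leak_salary_rank(table, role="clerk"):
    """Ranking leak: record ids sorted by a field the clerk cannot read."""
    return table.search_vulnerable(role, ("salary", "DESC"))


def guess_salary(table, target_id, lo=0, hi=100_000, role="clerk"):
    """Turn the ordering into a comparison oracle and bisect the hidden value.

    A probe row with a chosen salary is created, the table is ordered ASC by
    salary, and the probe's position relative to the target tells whether
    probe < target (probe sorts first) or probe >= target (on a tie the
    earlier-inserted target stays first). Returns (value, number_of_searches).
    """
    searches = 0
    while lo < hi:
        mid = (lo + hi) // 2
        probe_id = table.create(role, "probe", mid)
        ids = table.search_vulnerable(role, ("salary", "ASC"))
        searches += 1
        probe_first = ids.index(probe_id) < ids.index(target_id)
        table.delete(probe_id)  # remove the probe so the table is unchanged
        if probe_first:
            lo = mid + 1
        else:
            hi = mid
    return lo, searches


if __name__ == "__main__":
    t = make_sample_table()
    print("rank by hidden salary:", leak_salary_rank(t))        # [3, 1, 2]
    print("carol's salary by bisection:", guess_salary(t, 3))  # (7800, 17)
    try:
        t.search_fixed("clerk", ("salary", "ASC"))
    except AccessError as exc:
        print("fixed search:", exc)
```

Even without the create permission the clerk learns the full ranking of a field it cannot read; with it, about log2 of the value range searches recover an exact value. The fix is the same check that a read of the field would perform, applied to every field named in the order clause before the query runs.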
Fix
See the recommended versions above.
Weakness
Improper Access Control
Missing Authorization
Related identifiers
Affected products
Tryton