
"Cédric Krier has found that trytond does not enforce access rights for data export (since version 6.0)."
"Impact CVSS v3.0 Base Score: 6.5 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None Workaround There is no workaround. Resolution All affected users should upgrade trytond to the latest version."
"Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked."
trytond does not enforce access rights for data export since version 6.0. The vulnerability lets a network attacker with low privileges export confidential data without user interaction. The CVSS v3.0 Base Score is 6.5 (Attack Vector: Network, Attack Complexity: Low, Privileges Required: Low, User Interaction: None, Scope: Unchanged, Confidentiality: High, Integrity: None, Availability: None). There is no workaround. All affected users should upgrade trytond to the latest version. Affected and non-affected versions per series are not specified. Security concerns should be reported at https://bugs.tryton.org/ with the confidential checkbox checked.
Read at Tryton Discussion