
"Brandon Da Costa and Mahdi Afshar have found that sao executes JavaScript included in HTML documents (such as attachments). These documents may be uploaded by any authenticated user. The JavaScript is executed in the same context as sao which gives access to sensitive data such as the session.

Impact

CVSS v3.0 Base Score: 7.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High"
"If the inbound_email and document_incoming modules are activated, the impact increases as anybody can send emails with attachments:

CVSS v3.0 Base Score: 8.1

Workaround

There is no general workaround. For inbound email, blocking emails with HTML attachments will block this attack vector.

Resolution

All affected users should upgrade sao to the latest version.

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked."
sao executes JavaScript embedded in HTML documents, including attachments uploaded by any authenticated user. Because the JavaScript runs in the same origin and context as sao itself, it can read sensitive data such as the user's session. The baseline CVSS v3.0 score is 7.3: network attack vector, low attack complexity, low privileges required, user interaction required, scope unchanged, and high confidentiality and integrity impact. If the inbound_email and document_incoming modules are enabled, anyone able to send email can deliver HTML attachments without an account, raising the CVSS score to 8.1. No general workaround exists; for the inbound email vector, blocking emails that carry HTML attachments closes that path. All affected users must upgrade sao to the latest version. Security concerns should be reported on the bug-tracker with the confidential checkbox checked.
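The workaround above is "block emails with HTML attachments" for the inbound email path. The following added example (not Tryton's code) shows what such an inbound filter needs to check to be conservative: declared MIME type, filename extension, and a content sniff of the decoded payload, so that an HTML document relabelled as .txt or application/octet-stream is still rejected. The message builder and sample attachments are constructed here for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions and MIME types that identify an HTML document outright.
HTML_EXTENSIONS = (".html", ".htm", ".xhtml", ".xht")
HTML_MIME_TYPES = {"text/html", "application/xhtml+xml"}
# Content sniffing catches HTML arriving as .txt or octet-stream, so the
# decision does not rest on the label the sender chose.
HTML_MARKERS = re.compile(rb"<!doctype\s+html|<html|<script|<iframe", re.IGNORECASE)


def is_html_attachment(part: EmailMessage) -> bool:
    """True if a MIME part is declared as, named as, or sniffs as HTML."""
    if part.get_content_type() in HTML_MIME_TYPES:
        return True
    if (part.get_filename() or "").lower().endswith(HTML_EXTENSIONS):
        return True
    payload = part.get_payload(decode=True) or b""
    return HTML_MARKERS.search(payload[:4096]) is not None


def html_attachments(raw_message: bytes) -> list:
    """Return filenames of attachments that the inbound filter should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [part.get_filename() or "<unnamed>"
            for part in msg.iter_attachments() if is_html_attachment(part)]


def build_sample(filename: str, data: bytes, maintype: str, subtype: str) -> bytes:
    """Constructed sample message (not a real capture): text body + one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "incoming@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "pdf": build_sample("report.pdf", b"%PDF-1.4 fake content", "application", "pdf"),
        "html": build_sample("invoice.html", b"<p>hello</p>", "text", "html"),
        "disguised": build_sample("notes.txt", b"<!DOCTYPE html><html></html>",
                                  "application", "octet-stream"),
    }
    for name, raw in samples.items():
        print(name, "blocked" if html_attachments(raw) else "accepted")
```

Rejecting or quarantining a message whenever html_attachments() is non-empty is the check; the filter deliberately errs toward blocking, since a missed HTML document becomes a script running with the sao user's session.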
Read at Tryton Discussion