Security Release for issues #13505 and #13506
Briefly

from Tryton Discussion4 months ago
Albert Cervera identified that trytond's report execution can be performed even for records that users lack read access to, revealing serious security flaws.
Tryton Discussionhttps://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
The CVSS v3.0 base score of 4.3 indicates a moderate security risk, with a low attack complexity and privileges required, making it an easier target for exploitation.
Tryton Discussionhttps://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
Currently, there is no available workaround for the vulnerabilities found in trytond, emphasizing the necessity for all users to upgrade to the latest version.
Tryton Discussionhttps://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
Users are encouraged to report any additional security concerns to the bug-tracker, ensuring a robust response to potential risks within trytond.
Tryton Discussionhttps://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
Read at Tryton Discussion
#trytond #security-vulnerability #report-execution #cvss #upgrade
[
|
]