CVE-2017-0360 tryton-server

Metadata

low
3.5
tryton-server
CVE-2017-0360
2017-06-18 07:51
CVE-2017-0360
2017-06-16 19:21
2017-04-13 05:03
2017-04-06 05:03
2017-04-04 17:03
2017-04-04 11:03
2017-04-04 10:03
2017-04-04 06:03

Description

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
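The bug class the description names, shown as an added example (not Tryton's code and not from this page). It assumes the containment check compares normalized paths by string prefix; the root directory and file names are constructed.

```python
import posixpath  # POSIX path rules regardless of host OS; os.path behaves the same on Linux


def is_inside_prefix(root, name):
    """Weak check: string-prefix comparison on the normalized path."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(posixpath.join(root, name))
    # "/srv/app/modules_backup/x" starts with "/srv/app/modules", so a sibling
    # directory that shares the root's name plus a suffix passes this test.
    return path.startswith(root)


def is_inside_strict(root, name):
    """Hardened check: root must be an ancestor on whole path components."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(posixpath.join(root, name))
    # commonpath compares component by component, never character by character.
    return posixpath.commonpath([root, path]) == root


# Constructed sample inputs (hypothetical root and file names).
ROOT = "/srv/app/modules"
SAMPLES = [
    "account/view.xml",              # legitimate file under the root
    "../modules/account/view.xml",   # normalizes back inside the root
    "../../../etc/passwd",           # plain traversal, rejected by both checks
    "../modules_backup/secret.cfg",  # sibling: root name plus a suffix
]


def compare(root=ROOT, samples=SAMPLES):
    """Return (name, weak_result, strict_result) for each sample."""
    return [(n, is_inside_prefix(root, n), is_inside_strict(root, n))
            for n in samples]


if __name__ == "__main__":
    for name, weak, strict in compare():
        print(f"{name:32} prefix={weak!s:5} strict={strict}")
```

Neither check resolves symbolic links; a deployment that allows links under the root needs `realpath` before comparing.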

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release   Package         Patched in
buster    tryton-server   4.2.1-2
jessie    tryton-server   3.4.0-3+deb8u3
sid       tryton-server   4.2.1-2
stretch   tryton-server   4.2.1-2
wheezy    tryton-server   2.2.4-1+deb7u4