CVE-2017-0360

Metadata

low
3.5
tryton-server
CVE-2017-0360
cve.mitre.org, lists.debian.org
2017-04-04
2017-10-23 14:17
CVE-2017-0360 tryton-server
2017-07-20 21:30
2017-06-16 19:21
2017-05-10 23:47
2017-04-14 10:21
2017-04-06 02:04

Description

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
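
The class of flaw named in the description, shown as an added example (not Tryton's code and not taken from the advisory): a string-prefix containment check accepts a sibling directory whose name merely begins with the root's name, while a separator-aware check rejects it. The function names and the directory layout are hypothetical and constructed for illustration.

```python
import os
import tempfile

def prefix_only_check(root, name):
    """Weak: string-prefix test; a sibling sharing root's name as a prefix passes."""
    root = os.path.normpath(root)
    path = os.path.normpath(os.path.join(root, name))
    return path.startswith(root)

def strict_check(root, name):
    """Hardened: resolved path must be root itself or sit below root + separator."""
    root = os.path.realpath(root)
    path = os.path.realpath(os.path.join(root, name))
    return path == root or path.startswith(os.path.join(root, ""))

def open_under_root(root, name, mode="rb"):
    """Hypothetical helper: open name only if it stays inside root."""
    if not strict_check(root, name):
        raise PermissionError("path escapes root: %r" % name)
    return open(os.path.join(root, name), mode)

def demo():
    """Compare both checks on a constructed tree: modules/ next to modules_private/."""
    names = ("ir/view.xml", "../modules_private/secret.txt", "../../outside.txt")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "modules")
        sibling = os.path.join(base, "modules_private")  # same root name plus a suffix
        os.makedirs(os.path.join(root, "ir"))
        os.makedirs(sibling)
        with open(os.path.join(root, "ir", "view.xml"), "w") as f:
            f.write("<data/>")
        with open(os.path.join(sibling, "secret.txt"), "w") as f:
            f.write("constructed sample content")
        for name in names:
            results[name] = (prefix_only_check(root, name), strict_check(root, name))
    return results

if __name__ == "__main__":
    for name, (weak, strict) in demo().items():
        print("%-32s prefix-only=%-5s strict=%s" % (name, weak, strict))
```

Only the second name separates the two checks: ordinary `../..` traversal is caught by both, which is how a prefix-only fix can look complete while still missing the suffix case.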

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.


Affected package information

Release    Package         Patched in
trusty     tryton-server   None
upstream   tryton-server   4.2.1-2
xenial     tryton-server   None

Unaffected

Release                      Package         Reason
precise                      tryton-server   ignored
precise/esm                  tryton-server   DNE
vivid/stable-phone-overlay   tryton-server   DNE
vivid/ubuntu-core            tryton-server   DNE
yakkety                      tryton-server   ignored
zesty                        tryton-server   not-affected
artful                       tryton-server   not-affected
devel                        tryton-server   not-affected