CVE-2016-1242
Publication date 7 September 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Status
Package | Ubuntu Release | Status |
---|---|---|
tryton-server | 25.04 plucky |
Not affected
|
24.10 oracular |
Not affected
|
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Vulnerable
|
|
14.04 LTS trusty | Not in release | |
Patch details
Package | Patch details |
---|---|
tryton-server |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | High |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |