CVE-2017-0360
NONE EPSS 71.9%
Published Apr 4, 20179y ago · Modified Jun 17, 20262w ago
Published Apr 4, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Threat Intelligence
EPSS Exploit Probability
71.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-269 Improper Privilege Management Authorization
Affected Products 99
| Vendor | Product | Version | Range |
|---|---|---|---|
| tryton | tryton | 3.0.0 | any |
| tryton | tryton | 3.0.1 | any |
| tryton | tryton | 3.0.2 | any |
| tryton | tryton | 3.0.3 | any |
| tryton | tryton | 3.0.4 | any |
| tryton | tryton | 3.0.5 | any |
| tryton | tryton | 3.0.6 | any |
| tryton | tryton | 3.0.7 | any |
| tryton | tryton | 3.0.8 | any |
| tryton | tryton | 3.0.9 | any |
| tryton | tryton | 3.0.10 | any |
| tryton | tryton | 3.0.11 | any |
| tryton | tryton | 3.0.12 | any |
| tryton | tryton | 3.0.13 | any |
| tryton | tryton | 3.0.14 | any |
| tryton | tryton | 3.0.15 | any |
| tryton | tryton | 3.0.16 | any |
| tryton | tryton | 3.0.17 | any |
| tryton | tryton | 3.2.0 | any |
| tryton | tryton | 3.2.1 | any |
| tryton | tryton | 3.2.2 | any |
| tryton | tryton | 3.2.3 | any |
| tryton | tryton | 3.2.4 | any |
| tryton | tryton | 3.2.5 | any |
| tryton | tryton | 3.2.6 | any |
| tryton | tryton | 3.2.7 | any |
| tryton | tryton | 3.2.8 | any |
| tryton | tryton | 3.2.9 | any |
| tryton | tryton | 3.2.10 | any |
| tryton | tryton | 3.2.11 | any |
| tryton | tryton | 3.2.12 | any |
| tryton | tryton | 3.2.13 | any |
| tryton | tryton | 3.2.14 | any |
| tryton | tryton | 3.2.15 | any |
| tryton | tryton | 3.2.16 | any |
| tryton | tryton | 3.2.17 | any |
| tryton | tryton | 3.4.0 | any |
| tryton | tryton | 3.4.1 | any |
| tryton | tryton | 3.4.2 | any |
| tryton | tryton | 3.4.3 | any |
| tryton | tryton | 3.4.4 | any |
| tryton | tryton | 3.4.5 | any |
| tryton | tryton | 3.4.6 | any |
| tryton | tryton | 3.4.7 | any |
| tryton | tryton | 3.4.8 | any |
| tryton | tryton | 3.4.9 | any |
| tryton | tryton | 3.4.10 | any |
| tryton | tryton | 3.4.11 | any |
| tryton | tryton | 3.4.12 | any |
| tryton | tryton | 3.4.13 | any |
| tryton | tryton | 3.4.14 | any |
| tryton | tryton | 3.4.15 | any |
| tryton | tryton | 3.4.16 | any |
| tryton | tryton | 3.4.17 | any |
| tryton | tryton | 3.6.0 | any |
| tryton | tryton | 3.6.1 | any |
| tryton | tryton | 3.6.2 | any |
| tryton | tryton | 3.6.3 | any |
| tryton | tryton | 3.6.4 | any |
| tryton | tryton | 3.6.5 | any |
| tryton | tryton | 3.6.6 | any |
| tryton | tryton | 3.6.7 | any |
| tryton | tryton | 3.6.8 | any |
| tryton | tryton | 3.6.9 | any |
| tryton | tryton | 3.6.10 | any |
| tryton | tryton | 3.6.11 | any |
| tryton | tryton | 3.6.12 | any |
| tryton | tryton | 3.6.13 | any |
| tryton | tryton | 3.6.14 | any |
| tryton | tryton | 3.6.15 | any |
| tryton | tryton | 3.6.16 | any |
| tryton | tryton | 3.8.0 | any |
| tryton | tryton | 3.8.1 | any |
| tryton | tryton | 3.8.2 | any |
| tryton | tryton | 3.8.3 | any |
| tryton | tryton | 3.8.4 | any |
| tryton | tryton | 3.8.5 | any |
| tryton | tryton | 3.8.6 | any |
| tryton | tryton | 3.8.7 | any |
| tryton | tryton | 3.8.8 | any |
| tryton | tryton | 3.8.9 | any |
| tryton | tryton | 3.8.10 | any |
| tryton | tryton | 3.8.11 | any |
| tryton | tryton | 3.8.12 | any |
| tryton | tryton | 3.8.13 | any |
| tryton | tryton | 3.8.14 | any |
| tryton | tryton | 4.0.0 | any |
| tryton | tryton | 4.0.1 | any |
| tryton | tryton | 4.0.2 | any |
| tryton | tryton | 4.0.3 | any |
| tryton | tryton | 4.0.4 | any |
| tryton | tryton | 4.0.5 | any |
| tryton | tryton | 4.0.6 | any |
| tryton | tryton | 4.0.7 | any |
| tryton | tryton | 4.0.8 | any |
| tryton | tryton | 4.0.9 | any |
| tryton | tryton | 4.2.0 | any |
| tryton | tryton | 4.2.1 | any |
| tryton | tryton | 4.2.2 | any |
References 4
- hg.tryton.org http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8
- debian.org http://www.debian.org/security/2017/dsa-3826
- securityfocus.com http://www.securityfocus.com/bid/97489
- lists.debian.org https://lists.debian.org/debian-security-announce/2017/msg00084.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.