CVE-2017-0360

NONE EPSS 71.9%
Published Apr 4, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Apr 4, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.

Threat Intelligence

EPSS Exploit Probability
71.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 99

VendorProductVersionRange
trytontryton3.0.0any
trytontryton3.0.1any
trytontryton3.0.2any
trytontryton3.0.3any
trytontryton3.0.4any
trytontryton3.0.5any
trytontryton3.0.6any
trytontryton3.0.7any
trytontryton3.0.8any
trytontryton3.0.9any
trytontryton3.0.10any
trytontryton3.0.11any
trytontryton3.0.12any
trytontryton3.0.13any
trytontryton3.0.14any
trytontryton3.0.15any
trytontryton3.0.16any
trytontryton3.0.17any
trytontryton3.2.0any
trytontryton3.2.1any
trytontryton3.2.2any
trytontryton3.2.3any
trytontryton3.2.4any
trytontryton3.2.5any
trytontryton3.2.6any
trytontryton3.2.7any
trytontryton3.2.8any
trytontryton3.2.9any
trytontryton3.2.10any
trytontryton3.2.11any
trytontryton3.2.12any
trytontryton3.2.13any
trytontryton3.2.14any
trytontryton3.2.15any
trytontryton3.2.16any
trytontryton3.2.17any
trytontryton3.4.0any
trytontryton3.4.1any
trytontryton3.4.2any
trytontryton3.4.3any
trytontryton3.4.4any
trytontryton3.4.5any
trytontryton3.4.6any
trytontryton3.4.7any
trytontryton3.4.8any
trytontryton3.4.9any
trytontryton3.4.10any
trytontryton3.4.11any
trytontryton3.4.12any
trytontryton3.4.13any
trytontryton3.4.14any
trytontryton3.4.15any
trytontryton3.4.16any
trytontryton3.4.17any
trytontryton3.6.0any
trytontryton3.6.1any
trytontryton3.6.2any
trytontryton3.6.3any
trytontryton3.6.4any
trytontryton3.6.5any
trytontryton3.6.6any
trytontryton3.6.7any
trytontryton3.6.8any
trytontryton3.6.9any
trytontryton3.6.10any
trytontryton3.6.11any
trytontryton3.6.12any
trytontryton3.6.13any
trytontryton3.6.14any
trytontryton3.6.15any
trytontryton3.6.16any
trytontryton3.8.0any
trytontryton3.8.1any
trytontryton3.8.2any
trytontryton3.8.3any
trytontryton3.8.4any
trytontryton3.8.5any
trytontryton3.8.6any
trytontryton3.8.7any
trytontryton3.8.8any
trytontryton3.8.9any
trytontryton3.8.10any
trytontryton3.8.11any
trytontryton3.8.12any
trytontryton3.8.13any
trytontryton3.8.14any
trytontryton4.0.0any
trytontryton4.0.1any
trytontryton4.0.2any
trytontryton4.0.3any
trytontryton4.0.4any
trytontryton4.0.5any
trytontryton4.0.6any
trytontryton4.0.7any
trytontryton4.0.8any
trytontryton4.0.9any
trytontryton4.2.0any
trytontryton4.2.1any
trytontryton4.2.2any

References 4

  • hg.tryton.org http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8
  • debian.org http://www.debian.org/security/2017/dsa-3826
  • securityfocus.com http://www.securityfocus.com/bid/97489
    Third Party AdvisoryVDB Entry
  • lists.debian.org https://lists.debian.org/debian-security-announce/2017/msg00084.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.