CVE-2022-26661

Sažetak

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.

Reference

https://bugs.tryton.org/issue11219
https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html
https://www.debian.org/security/2022/dsa-5098
https://www.debian.org/security/2022/dsa-5099

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-03-2022 - 14:46

Objavljeno

10-03-2022 - 17:47