Bugzilla – Bug 1214682
VUL-0: trytond: Security Release for issue #12428
Last modified: 2023-08-28 12:22:17 UTC
Security Release for issue #12428

Synopsis: Edbo and Cédric Krier have found that record rules are not enforced by trytond when only reading fields without an SQL type (like Function fields).

Impact

CVSS v3.0 Base Score: 6.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Workaround: There is no known workaround.

Resolution: All affected users should upgrade trytond to the latest version.

Affected versions per series:
trytond:
  6.8: <= 6.8.2
  6.6: <= 6.6.10
  6.0: <= 6.0.33
  5.0: <= 5.0.59

Non affected versions per series:
trytond:
  6.8: >= 6.8.3
  6.6: >= 6.6.11
  6.0: >= 6.0.34
  5.0: >= 5.0.60

References:
https://security-tracker.debian.org/tracker/DSA-5482-1
https://security-tracker.debian.org/tracker/tryton-server
https://discuss.tryton.org/t/security-release-for-issue-12428/6397
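A version check against the per-series ranges listed in the advisory above, as an added example that is not part of the original report or of the Tryton project's code. The function names `classify` and `installed_status` are hypothetical and the sample versions are constructed; series the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re
from importlib import metadata

# First non-affected patch release per series, copied from the advisory text.
FIRST_FIXED = {(6, 8): 3, (6, 6): 11, (6, 0): 34, (5, 0): 60}


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a trytond version string."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised trytond version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # The advisory gives no range for this series, so make no claim.
        return "unlisted"
    return "fixed" if patch >= fixed else "affected"


def installed_status():
    """Classify the trytond found in the current Python environment, if any."""
    try:
        return classify(metadata.version("trytond"))
    except metadata.PackageNotFoundError:
        return "not installed"


if __name__ == "__main__":
    # Constructed sample versions covering each listed series and one unlisted.
    for v in ("6.8.2", "6.8.3", "6.6.10", "6.0.34", "5.0.59", "6.4.1"):
        print(f"trytond {v}: {classify(v)}")
    print("installed trytond:", installed_status())
```

Distribution packages may carry the fix as a backported patch without changing the upstream version number, so for those the vendor advisory is authoritative rather than this comparison.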
Double to boo#1213869

*** This bug has been marked as a duplicate of bug 1213869 ***