Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NDefault status
unaffected
6.0.0 (semver) before 6.0.70
affected
7.0.0 (semver) before 7.0.40
affected
7.1.0 (semver) before 7.4.21
affected
7.5.0 (semver) before 7.6.11
affected
Description
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Problem types
CWE-863 Incorrect Authorization
Product status
6.0.0 (semver) before 6.0.70
7.0.0 (semver) before 7.0.40
7.1.0 (semver) before 7.4.21
7.5.0 (semver) before 7.6.11
References
discuss.tryton.org/t/security-release-for-issue-14366/8953
foss.heptapod.net/tryton/tryton/-/issues/14366
