CVE-2019-10868

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10868
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10868.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10868
Aliases
Downstream
Published
2019-04-05T01:29:00.207Z
Modified
2026-04-02T01:29:36.732355Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.

References

Affected packages

Git / github.com/tryton/trytond

Affected ranges

Type
GIT
Repo
https://github.com/tryton/trytond
Events
Introduced
26938217164a2f84d2bf0bc851271af0d4880ec0
Fixed
3de46d5399b0e0b22dbdc5206b740c87d4cda5e1
Introduced
02f9c30520d1de6ad17b2f8dd00a997ace1793dc
Fixed
e3ddcfe9d2d92e9549659e83c5de2e44cab6c54f
Introduced
98565b84c9322c84781e2b69670832f8f87362c9
Fixed
b670084567205d83cb3099f286160f29062665f3
Introduced
a64abd4165136b507433812ed42e7f4289405a86
Fixed
6f411f903e77d2527ef5560976de3cbee6526fe1
Introduced
49399603b2eb8d9516df84e3a3855c885fcf9fc5
Fixed
acae5ad5ad40a6ef075720fdc9a38606f6ead244
Database specific 
{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.21"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.19"
        },
        {
            "introduced": "4.6.0"
        },
        {
            "fixed": "4.6.14"
        },
        {
            "introduced": "4.8.0"
        },
        {
            "fixed": "4.8.10"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.6"
        }
    ]
}

Affected versions

4.*
4.2.0
4.2.1
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.4.0
4.4.1
4.4.10
4.4.11
4.4.12
4.4.13
4.4.14
4.4.15
4.4.16
4.4.17
4.4.18
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.6.0
4.6.1
4.6.10
4.6.11
4.6.12
4.6.13
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.8.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.2.0
5.2.1
5.2.10
5.2.11
5.2.12
5.2.13
5.2.14
5.2.15
5.2.16
5.2.17
5.2.18
5.2.19
5.2.2
5.2.20
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.4.0
5.4.1
5.4.10
5.4.11
5.4.12
5.4.13
5.4.14
5.4.15
5.4.16
5.4.17
5.4.18
5.4.19
5.4.2
5.4.20
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.6.0
5.6.1
5.6.10
5.6.11
5.6.12
5.6.13
5.6.14
5.6.15
5.6.16
5.6.17
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8
5.6.9
5.8.0
5.8.1
5.8.10
5.8.11
5.8.12
5.8.13
5.8.14
5.8.15
5.8.16
5.8.2
5.8.3
5.8.4
5.8.5
5.8.6
5.8.7
5.8.8
5.8.9
6.*
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.18
6.0.19
6.0.2
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.6.0
6.6.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10868.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]