CVE-2019-10868
- Source
- https://cve.org/CVERecord?id=CVE-2019-10868
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10868.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-10868
- Aliases
- Downstream
- Published
- 2019-04-05T01:29:00.207Z
- Modified
- 2026-04-10T04:13:58.055679Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.
- References
Affected packages
Git / github.com/tryton/trytond
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tryton/trytond
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "4.2.0" }, { "fixed": "4.2.21" }, { "introduced": "4.4.0" }, { "fixed": "4.4.19" }, { "introduced": "4.6.0" }, { "fixed": "4.6.14" }, { "introduced": "4.8.0" }, { "fixed": "4.8.10" }, { "introduced": "5.0.0" }, { "fixed": "5.0.6" } ] }
Affected versions
4.*
4.2.0
4.2.1
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.2
4.2.20
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.4.0
4.4.1
4.4.10
4.4.11
4.4.12
4.4.13
4.4.14
4.4.15
4.4.16
4.4.17
4.4.18
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.6.0
4.6.1
4.6.10
4.6.11
4.6.12
4.6.13
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.8.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5