GHSA-52j9-v3jc-9xgc

Source
https://github.com/advisories/GHSA-52j9-v3jc-9xgc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-52j9-v3jc-9xgc/GHSA-52j9-v3jc-9xgc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-52j9-v3jc-9xgc
Aliases
Published
2022-05-17T03:49:11Z
Modified
2024-11-22T18:33:40.902064Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Tryton allows users to read the hashed password
Details

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

Database specific
{
    "nvd_published_at": "2016-09-07T19:28:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-29T16:35:59Z"
}
References

Affected packages

PyPI / trytond

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.2.17

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.15
3.2.16

PyPI / trytond

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4.0
Fixed
3.4.14

Affected versions

3.*

3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.10
3.4.11
3.4.12
3.4.13

PyPI / trytond

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
3.8.8

Affected versions

3.*

3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7

PyPI / trytond

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.6.0
Fixed
3.6.12

Affected versions

3.*

3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11

PyPI / trytond

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.4

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3