Synopsis

A vulnerability in trytond has been found by German Dario Alvarez.
With issue10068, the WSGI server does not prevent serving files outside the root directory. This allows an attacker to retrieve the content of files for which the trytond user has read access.

Impact

CVSS v3.0 Base Score: 7.5

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope: Unchanged
• Confidentiality: High
• Integrity: None
• Availability: None

Workaround

It is possible to setup a reverse-proxy in front of trytond that sanitize the request path.

Resolution

All affected users should upgrade trytond to the latest version.
Affected versions per series:

• 5.8: <= 5.8.3
• 5.6: <= 5.6.12
• 5.0: <=5.0.32

Non affected versions per series:

• 5.8: >= 5.8.4
• 5.6: >= 5.6.13
• 5.0: >=5.0.33

Reference

• Issue 10068: Directory loader can escape root directory - Tryton issue tracker

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

This topic was automatically closed after 30 days. New replies are no longer allowed.