CVE-2017-0360
moderate-risk
Published 2017-04-04
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Do I need to act?
-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Tryton
Affected Vendors
References (8)
Third Party Advisory
http://www.securityfocus.com/bid/97489
Third Party Advisory
https://lists.debian.org/debian-security-announce/2017/msg00084.html
Third Party Advisory
http://www.securityfocus.com/bid/97489
Third Party Advisory
https://lists.debian.org/debian-security-announce/2017/msg00084.html
48
/ 100
moderate-risk
Severity
17/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
30/34 · Critical