Security Release for issue5167


Published: 2015-12-17 07:00:00+00:00

Synopsis

A vulnerability in trytond has been found by Cédric Krier that allows a malicious authenticated user to write to fields to which he doesn't have access (see issue5167).

Impact

Any authenticated user can write to fields to which he doesn't have access. Other access rights are correctly enforced.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version.

Affected versions per series: <=3.8.0, <=3.6.4, <=3.4.7 and <=3.2.9

Unaffected versions per series: >=3.8.1, >=3.6.5, >=3.4.8 and >=3.2.10
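To check a set of deployments against the version lists above, the following sketch classifies a trytond version string per series. It is an added example, not code from the Tryton project; the host names and inventory are constructed, and series not named in this advisory are reported as "unknown" because the advisory does not cover them.

```python
import re

# First fixed patch release per series, taken from the advisory's version lists.
FIRST_FIXED = {(3, 8): 1, (3, 6): 5, (3, 4): 8, (3, 2): 10}


def parse_version(text):
    """Return (major, minor, patch) as integers, rejecting anything else."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised trytond version: {text!r}")
    return tuple(int(part) for part in match.groups())


def status(version):
    """Classify one trytond version as 'affected', 'fixed' or 'unknown'."""
    major, minor, patch = parse_version(version)
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        # Series not listed in the advisory: make no claim either way.
        return "unknown"
    # Compare numerically: as strings, "3.2.10" would sort before "3.2.9".
    return "affected" if patch < first_fixed else "fixed"


def audit(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "erp-prod": "3.8.0",
    "erp-staging": "3.8.1",
    "erp-legacy": "3.2.9",
    "erp-archive": "3.2.10",
    "erp-test": "4.0.0",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {result}")
```
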

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.