CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-19443

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile2.65th
Published2018年11月22日
Last Modified2024年11月21日

Vulnerability Description

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.

Affected Platforms (CPE)

📦
Tryton

Tryton

= 5.0.0

References & Advisories

🔗 https://bugs.tryton.org/issue7792
🔗 https://discuss.tryton.org/t/security-release-for-issue7792/830
🔗 https://bugs.tryton.org/issue7792
🔗 https://discuss.tryton.org/t/security-release-for-issue7792/830

相关漏洞威胁

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...

CVE-2013-45107.8

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers...

CVE-2019-108686.5

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 bef...

CVE-2020-370146.4

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to...