CVE-2013-4510
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
Directory traversal vulnerability (CWE-22) in the Tryton client, version 3.0.0 as distributed before 2013-11-04 and all earlier releases: a remote server (malicious or compromised) can write arbitrary files on the client host by returning a report whose file extension contains path separators, which the client uses unchecked when building the path it saves the report to. Exploitation needs no user interaction beyond the client requesting a report from that server.
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Upgrade the Tryton client to a build that contains the fix for issue3446 (Debian ships it in package version 2.8.4-1, see DSA-2791 under References). Until the client is updated, connect it only to trusted servers: exploitation requires a malicious or compromised server to return a crafted report.
Upstream bug report: https://bugs.tryton.org/issue3446
Upstream security release announcement: http://www.tryton.org/posts/security-release-for-issue3446.html
Upstream fix changeset: http://hg.tryton.org/tryton/rev/357d0a4d9cb8
Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2013-4510
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.8.4-1 |
| debian | bullseye | fixed | 2.8.4-1 |
| debian | forky | fixed | 2.8.4-1 |
| debian | sid | fixed | 2.8.4-1 |
| debian | trixie | fixed | 2.8.4-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| tryton | tryton | 3.0.0 | |
References
- http://hg.tryton.org/tryton/rev/357d0a4d9cb8
- http://www.debian.org/security/2013/dsa-2791
- http://www.openwall.com/lists/oss-security/2013/11/04/21
- http://www.tryton.org/posts/security-release-for-issue3446.html
- https://bugs.tryton.org/issue3446
- https://nvd.nist.gov/vuln/detail/CVE-2013-4510
- https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2013-28.yaml
- https://security-tracker.debian.org/tracker/CVE-2013-4510
CWEs
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')