CVE-2022-26661

Description

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.484

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 5.0.46 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 6.0.16 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 6.2.6 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 5.0.12 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 6.0.5 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 6.2.2 | Windows
tryton-proteus security update (DSA-5099-1) tryton-proteus_5.0.1-3+deb10u1_all.deb | Linux
tryton-proteus security update (DSA-5099-1) tryton-proteus_5.0.8-1+deb11u1_all.deb | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 5.0.46 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 6.0.16 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 6.2.6 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 5.0.12 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 6.0.5 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 6.2.2 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2022-26661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26661