CVE-2017-0360: Improper Privilege Management

April 4, 2017 (updated October 3, 2019)

file_open in Tryton allows remote authenticated users with certain permissions to read arbitrary files via a “same root name but with a suffix” attack.

References

hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8
www.securityfocus.com/bid/97489
nvd.nist.gov/vuln/detail/CVE-2017-0360

Detect and mitigate CVE-2017-0360 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →