ALT-PU-2025-15838-3
Package python3-module-trytond updated to version 7.8.0-alt1 for branch sisyphus in task 403069.
Closed vulnerabilities
Published: 2025-11-30
Modified: 2025-12-04
Modified: 2025-12-04
CVE-2025-66422
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Severity: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2025-11-30
Modified: 2025-12-04
Modified: 2025-12-04
CVE-2025-66423
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Severity: HIGH (7.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
References:
Published: 2025-11-30
Modified: 2025-12-04
Modified: 2025-12-04
CVE-2025-66424
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References: