CVE-2013-4510

high

Description

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

References

https://bugs.tryton.org/issue3446

http://www.tryton.org/posts/security-release-for-issue3446.html

http://www.openwall.com/lists/oss-security/2013/11/04/21

http://www.debian.org/security/2013/dsa-2791

Details

Source: Mitre, NVD

Published: 2013-11-18

Updated: 2013-11-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N