
"Luis Falcon has found that trytond may log sensitive data like passwords when the logging level is set to INFO.

Impact
CVSS v3.0 Base Score: 4.2
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None"
"Workaround
Increasing the logging level above INFO prevents logging of the sensitive data.

Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:
Non affected versions per series:

Reference

Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked."
A logging issue in trytond can record sensitive data such as passwords when the logging level is set to INFO. The issue has a CVSS v3.0 base score of 4.2 with network attack vector, low complexity, high privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. Increasing the logging level above INFO prevents the sensitive data from being logged. All affected users should upgrade trytond to the latest version. Affected and non-affected versions are identified per series. Security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with confidentiality enabled.
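The workaround can be verified against the logging configuration that is actually in effect. The following is an added example, not code from Tryton or the advisory: it checks whether an INFO record on a given logger would reach any handler, and compares a root level of INFO with WARNING. The logger name `trytond.example` and the logged messages are constructed assumptions; the advisory does not say which logger or message carries the sensitive data.

```python
import io
import logging
import logging.config


def emits_info(logger_name):
    """Return True if an INFO record on logger_name would reach any handler."""
    logger = logging.getLogger(logger_name)
    if not logger.isEnabledFor(logging.INFO):
        return False
    node = logger
    while node is not None:
        # A handler with its own level above INFO still drops the record.
        if any(h.level <= logging.INFO for h in node.handlers):
            return True
        if not node.propagate:
            break
        node = node.parent
    return False


def configure(level, stream):
    """Apply a constructed logging config with the root logger at `level`."""
    logging.config.dictConfig({
        "version": 1,
        "disable_existing_loggers": False,
        "handlers": {"out": {"class": "logging.StreamHandler", "stream": stream}},
        "root": {"level": level, "handlers": ["out"]},
    })


def demo(level):
    """Return (emits_info result, captured log text) for one root level."""
    stream = io.StringIO()
    configure(level, stream)
    log = logging.getLogger("trytond.example")  # hypothetical logger name
    # Constructed record standing in for request data that holds a secret.
    log.info("call %s", {"login": "admin", "password": "constructed-secret"})
    log.warning("constructed warning, no request data")
    return emits_info("trytond.example"), stream.getvalue()


if __name__ == "__main__":
    for level in ("INFO", "WARNING"):
        exposed, text = demo(level)
        print(level, "emits INFO:", exposed, "| secret in log:", "constructed-secret" in text)
```

Log files written while the level was INFO or lower keep whatever was recorded, so raising the level does not clean existing logs.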
Read at Tryton Discussion