[Git][security-tracker-team/security-tracker][master] Add three new tryton-server issues

Sun Nov 23 13:32:02 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45540bc7 by Salvatore Bonaccorso at 2025-11-23T14:31:30+01:00
Add three new tryton-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2025-XXXX [Export data does not enforce access rights]
+	- tryton-server <unfixed>
+	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953
+	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14366
+CVE-2025-XXXX [IDOR / Access Control Issue - Unauthorized Access to User Signatures]
+	- tryton-server <unfixed>
+	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14364/8952
+	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14364
+CVE-2025-XXXX [Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)]
+	- tryton-server <unfixed>
+	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14354/8950
+	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14354
 CVE-2025-XXXX [Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution]
 	- tryton-sao <unfixed>
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-14363/8951



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45540bc7dcd91f50f39172b356f019405a8c1446

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45540bc7dcd91f50f39172b356f019405a8c1446
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251123/d4694b12/attachment.htm>
