EPSS
Percentile
73.0%
trytond is vulnerable to information disclosure. There is no checking for order against the field value in the search function, allowing an authenticated user to guess a field for which he has no access right and order records based on that value.
bugs.tryton.org/issue8189
discuss.tryton.org/t/security-release-for-issue8189/1262
hg.tryton.org/trytond/rev/f58bbfe0aefb
seclists.org/bugtraq/2019/Apr/14
www.debian.org/security/2019/dsa-4426