High severityNVD Advisory· Published Nov 22, 2018· Updated Aug 5, 2024
CVE-2018-19443
CVE-2018-19443
Description
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
trytonPyPI | >= 5.0.0, < 5.0.1 | 5.0.1 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-32w7-9whp-cjp9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-19443ghsaADVISORY
- bugs.tryton.org/issue7792ghsax_refsource_MISCWEB
- discuss.tryton.org/t/security-release-for-issue7792/830ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2018-77.yamlghsaWEB
News mentions
0No linked articles in our index yet.