Tryton trytond
cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*
- <= 7.6.10
- <= 7.4.20
- <= 7.0.39
- <= 6.0.69
A vulnerability exists in Tryton trytond versions 6.0 prior to 7.6.11, 7.4 prior to 7.4.21, 7.0 prior to 7.0.40, and 6.0 prior to 6.0.70, where access rights are not properly enforced for the HTML editor route. This flaw allows low-privileged users to access another user's signature through a predictable URL, bypassing permission restrictions. The issue exposes user metadata and internal signature content that should be confidential.
Exploitation of this vulnerability allows unauthorized access to user signatures, including those of administrative users, potentially leading to unintended data disclosure.
To reproduce this vulnerability, log in as a low-privileged user and navigate to the HTML editor route for a specific user signature. The server will return the signature content, regardless of the requesting user's permissions. This issue can also be demonstrated by accessing the admin user's signature through the same route.
Users should upgrade to Tryton trytond versions 7.6.11, 7.4.21, 7.0.40, or 6.0.70.
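The class of defect described above, as an added illustration that is not Tryton's code: a minimal model of an "HTML editor" style route that serves one field of one record, first with authentication only (any logged-in user can read any user's signature by guessing the record id) and then with model access rights and an own-record rule enforced. The URL shape, the `res.user` model, the group names and the sample users are constructed assumptions for this example.

```python
# Added illustration (not Tryton's code): a field-serving route without and
# with access-right enforcement. URL shape, model, groups and data are assumed.
import re

# Constructed sample data: two users, each with a private HTML signature.
USERS = {
    1: {"login": "admin", "groups": {"admin"}, "signature": "<p>Admin sig</p>"},
    2: {"login": "alice", "groups": {"staff"}, "signature": "<p>Alice sig</p>"},
}
# Hypothetical policy: groups allowed to read a model, plus a record rule that
# limits reads of 'res.user' to the requester's own record (admins excepted).
MODEL_READ = {"res.user": {"admin", "staff"}}
OWN_RECORD_ONLY = {"res.user"}

# Assumed route layout: /<db>/html/<model>/<record id>/<field>
ROUTE = re.compile(r"^/(?P<db>[^/]+)/html/(?P<model>[^/]+)/(?P<record>\d+)/(?P<field>\w+)$")


def _lookup(model, record, fld):
    """Fetch a field value from the constructed store (no access checks here)."""
    if model != "res.user" or record not in USERS or fld not in USERS[record]:
        raise KeyError("not found")
    return USERS[record][fld]


def vulnerable_route(requester_id, path):
    """Checks only that the caller is logged in; the record id in the URL is trusted."""
    m = ROUTE.match(path)
    if not m or requester_id not in USERS:
        raise PermissionError("login required")
    return _lookup(m["model"], int(m["record"]), m["field"])


def hardened_route(requester_id, path):
    """Same route, but model read access and the own-record rule are enforced."""
    m = ROUTE.match(path)
    if not m or requester_id not in USERS:
        raise PermissionError("login required")
    model, record = m["model"], int(m["record"])
    groups = USERS[requester_id]["groups"]
    if not groups & MODEL_READ.get(model, set()):
        raise PermissionError("no read access to model")
    if model in OWN_RECORD_ONLY and record != requester_id and "admin" not in groups:
        raise PermissionError("record rule: not the requester's own record")
    return _lookup(model, record, m["field"])


def is_denied(handler, requester_id, path):
    """True when the handler refuses the request with PermissionError."""
    try:
        handler(requester_id, path)
    except PermissionError:
        return True
    return False
```

With this data, user 2 (a low-privileged "staff" member) obtains user 1's signature through `vulnerable_route` but is refused by `hardened_route`, while both users can still read their own record and the admin can read everyone's.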