Affecting tryton package, versions [5.0.0, 5.0.1)
tryton is a three-tier, high-level, general-purpose application platform written in Python that uses PostgreSQL as its database engine.
Affected versions of this package are vulnerable to a man-in-the-middle attack. Under certain circumstances, the client in jsonrpc.py tried to connect to the bus in cleartext instead of over an encrypted connection. This connection attempt failed, but its header contained the user's current session. A man-in-the-middle could then steal this session.
Upgrade tryton to version 5.0.1 or higher.
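A client-side guard against this class of bug, as an added example that is not Tryton's code or its 5.0.1 patch: it refuses to attach a session credential to a non-HTTPS bus URL and blocks redirects that would carry the header onto cleartext HTTP. The function and class names and the header layout are assumptions made for illustration.

```python
import urllib.request
from urllib.parse import urlsplit


class CleartextSessionError(ValueError):
    """Raised instead of sending a session credential over a non-TLS URL."""


def build_bus_request(url, session_token):
    """Return a Request carrying the session only if the URL is HTTPS."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        # Fail before any socket is opened: even a connection attempt that
        # later fails has already put its headers on the wire.
        raise CleartextSessionError(
            "refusing to attach session to %r URL" % scheme)
    req = urllib.request.Request(url)
    # Hypothetical header layout; the advisory only says "in the header".
    req.add_header("Authorization", "Session " + session_token)
    return req


class NoDowngradeRedirect(urllib.request.HTTPRedirectHandler):
    """Block redirects that would move an HTTPS request onto cleartext HTTP.

    urllib copies request headers (including Authorization) to the
    redirected request, so a downgrade would expose the session.
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if urlsplit(newurl).scheme.lower() != "https":
            raise CleartextSessionError("redirect to cleartext URL blocked")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_opener():
    """Opener to use for every request that carries a session."""
    return urllib.request.build_opener(NoDowngradeRedirect())
```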