Описание
pretix has Broken Access Control Allowing Cross-User File Access via UUID
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
Пакеты
Наименование
pretix
pip
Затронутые версииВерсия исправления
>= 2025.10.0, < 2025.10.1
2025.10.1
Наименование
pretix
pip
Затронутые версииВерсия исправления
>= 2025.9.0, < 2025.9.3
2025.9.3
Наименование
pretix
pip
Затронутые версииВерсия исправления
< 2025.8.3
2025.8.3
Связанные уязвимости
nvd
около 2 месяцев назад
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.