Lucene search

[email protected]NVD:CVE-2023-44463

HistoryOct 02, 2023 - 8:15 p.m.

CVE-2023-44463

2023-10-0220:15:10

CWE-290

[email protected]

web.nvd.nist.gov

pretix 2023.7.1

ip spoofing

configuration parsing

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.

Affected configurations

Nvd

Node

ramipretixRange<2023.7.1

VendorProductVersionCPE
ramipretix*cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rami	pretix	*	cpe:2.3:a:rami:pretix::::::::

References

github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469

github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1

github.com/pretix/pretix/tags

pretix.eu/about/en/blog/20230911-release-2023-7-1/

pretix.eu/about/en/ticketing

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

Related for NVD:CVE-2023-44463

vulnrichment1 osv3 prion1 cvelist1 veracode1 cve1 github1