6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
48.8%
pretalx before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
github.com/pretalx/pretalx
github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
github.com/pretalx/pretalx/releases/tag/v2.3.2
nvd.nist.gov/vuln/detail/CVE-2023-28459
pretalx.com/p/news/security-release-232
www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference