4 matches found
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
EUVD-2026-20463
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
CVE-2026-5600
CVE-2026-5600 involves a new API endpoint in pretix (2025 release) that should return check-in events for a specific event but instead exposes all check-in events under the organizer. The affected component is the API handling check-in data; the root cause is an endpoint mis-scoping that leaks re...
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...