Veracode Vulnerability DatabaseVERACODE:43564Improper Authorization
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
28.8%
pretix is vulnerable to Improper Authorization. An attacker is able to exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable pretix instance. This request could contain a malicious X-Forwarded-For header that spoofs the attacker’s IP address. If the pretix instance is vulnerable, it will trust the malicious X-Forwarded-For header and log the attacker’s IP address as the source of the request which could allow the attacker to hide their identity or to impersonate another user.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
28.8%