CVE-2023-28458

Name of the Vulnerable Software and Affected Versions pretalx versions 2.3.1 through 2.3.1

Description The issue allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting of an arbitrary file with the standard pretalx 404 page content.

Recommendations For pretalx version 2.3.1, update to version 2.3.2 to resolve the issue. As a temporary workaround, consider disabling the HTML export feature until a patch is available. Restrict access to the HTML export module to minimize the risk of exploitation.