PT-2023-29245 · Pretix · Pretix
Published 2023-10-02 · Updated 2024-09-23
CVE-2023-44463
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
pretix versions prior to 2023.7.1
Description
pretix versions prior to 2023.7.1 parse their configuration file incorrectly, with the result that the application trusts unchecked X-Forwarded-For headers even when it has not been configured to do so. Because the client IP address is taken from an attacker-controllable header, users of the application can spoof their IP address.
Recommendations
For versions prior to 2023.7.1, update to version 2023.7.1 or later to resolve the issue. As a temporary workaround until the update is applied, restrict the application's trust in X-Forwarded-For headers so that the header is only honoured when it was set by a known reverse proxy.
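The failure class described above, and the defensive pattern the workaround asks for, are shown in the following added example. It is illustrative code written for this advisory, not pretix's own code or configuration format: the `[proxy]` section, the `trust_x_forwarded_for` and `trusted_proxies` keys and the sample addresses are all constructed. `naive_trust_flag` shows how a configuration parser can wrongly enable trust (a boolean stored as the string "false" is truthy), while `parse_config` and `client_ip` only consult X-Forwarded-For when trust is explicitly enabled and the direct TCP peer is a listed proxy, walking the header from the right so that attacker-prepended entries are ignored.

```python
import configparser
import ipaddress

# Constructed sample configuration (hypothetical format, not pretix's real config file).
SAMPLE_CONFIG = """
[proxy]
trust_x_forwarded_for = false
trusted_proxies = 10.0.0.0/8, 192.168.1.5
"""


def naive_trust_flag(config_text):
    """Illustrates the bug class: bool() on the raw string 'false' is True,
    so the header ends up trusted even though the operator disabled it."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    return bool(cp.get("proxy", "trust_x_forwarded_for"))


def parse_config(config_text):
    """Correct parsing: a typed boolean plus a list of trusted proxy networks."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    raw = cp.get("proxy", "trusted_proxies", fallback="")
    return {
        "trust_xff": cp.getboolean("proxy", "trust_x_forwarded_for", fallback=False),
        "trusted_proxies": [ipaddress.ip_network(p.strip()) for p in raw.split(",") if p.strip()],
    }


def _is_trusted(addr, nets):
    return any(addr in net for net in nets)


def client_ip(remote_addr, headers, cfg):
    """Resolve the client IP for a request.

    X-Forwarded-For is consulted only when trust is enabled AND the direct
    socket peer is a trusted proxy. The header is then walked from the right
    (the entry appended by our own proxy) towards the left, skipping trusted
    proxies, and the first untrusted hop is the client. Anything the client
    itself prepended sits further left and is never reached.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not cfg["trust_xff"] or not _is_trusted(peer, cfg["trusted_proxies"]):
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed header: fall back to the socket peer
        if not _is_trusted(addr, cfg["trusted_proxies"]):
            return str(addr)
    return remote_addr  # every hop was one of our proxies; nothing else to trust


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("naive flag:", naive_trust_flag(SAMPLE_CONFIG), "| parsed flag:", cfg["trust_xff"])
    print(client_ip("203.0.113.9", {"X-Forwarded-For": "198.51.100.1"}, cfg))
```

With trust disabled, the header is ignored regardless of its content; with trust enabled, a request arriving directly from an untrusted address (not via the proxy) still has its header ignored, which is the check that closes the spoofing path.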
Fix
Update to pretix 2023.7.1 or later.
Weakness Enumeration
Authentication Bypass by Spoofing
Related Identifiers
CVE-2023-44463
Affected Products
Pretix