PT-2024-21054 · Alf.Io · Alf.Io
Lujiefsi · Published 2024-02-19 · Updated 2024-12-18 · CVE-2024-25634
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
alf.io versions prior to 2.0-Mr-2402
Description
The issue affects alf.io, an open source ticket reservation system. An attacker can access data belonging to other organizers: a specially crafted request returns the e-mail log sent by other events.
Recommendations
For versions prior to 2.0-Mr-2402, update to version 2.0-M4-2402 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.
Affected Products
Alf.Io