GHSA-r76w-3wwq-jv6v, CVE-2023-27891
pypi/pretix
Insufficient Session Expiration
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
All versions before 4.15.1, all versions starting from 4.16.0 before 4.16.1, all versions starting from 4.17.0 before 4.17.1
Upgrade to version 4.15.1, 4.16.1, 4.17.1, or above.
2023-03-16