CVE-2023-27891

Insufficient Session Expiration in pypi/pretix

Identifiers

GHSA-r76w-3wwq-jv6v, CVE-2023-27891

Package Slug

pypi/pretix

Vulnerability

Insufficient Session Expiration

Description

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.

Affected Versions

All versions before 4.15.1, all versions starting from 4.16.0 before 4.16.1, all versions starting from 4.17.0 before 4.17.1

Solution

Upgrade to version 4.15.1, 4.16.1, 4.17.1 or above.

Last Modified

2023-03-16
