CVE-2023-27891: Insufficient Session Expiration in pretix

March 7, 2023 (updated October 21, 2024)

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.

References

github.com/advisories/GHSA-r76w-3wwq-jv6v
github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-42.yaml
github.com/thufschmitt/pretix-nix
nvd.nist.gov/vuln/detail/CVE-2023-27891
pretix.eu/about/en/blog/20230306-release-4171

Code Behaviors & Features

Detect and mitigate CVE-2023-27891 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →