CVE-2025-14882
EPSS 0.06%pretix has Broken Access Control Allowing Cross-User File Access via UUID
發布日:2025/12/19修改日:2025/12/20
描述
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
受影響套件(1)
- PyPI/pretix>= 2025.10.0, < 2025.10.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U |