CVE-2023-44463

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-44463
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44463.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-44463
Aliases
Published
2023-10-02T20:15:10Z
Modified
2025-01-15T05:00:05.221576Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.

References

Affected packages

Git / github.com/pretix/pretix

Affected ranges

Type
GIT
Repo
https://github.com/pretix/pretix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.0.0b1
1.0.0b2

Other

s

v1.*

v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0

v2.*

v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0

v2023.*

v2023.6.0
v2023.7.0

v3.*

v3.0.0
v3.1.0
v3.10.0
v3.11.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.18.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0

v4.*

v4.0.0
v4.1.0
v4.10.0
v4.11.0
v4.12.0
v4.13.0
v4.14.0
v4.15.0
v4.16.0
v4.17.0
v4.18.0
v4.19.0
v4.2.0
v4.20.0
v4.3.0
v4.5.0
v4.6.0
v4.7.0
v4.8.0
v4.9.0