PYSEC-2026-1803

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2026-1803.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1803
Aliases
Published
2026-07-07T16:03:13.727414Z
Modified
2026-07-07T17:48:07.166967701Z
Severity
  • 3.8 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U CVSS Calculator
Summary
pretix has Broken Access Control Allowing Cross-User File Access via UUID
Details

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

References

Affected packages

PyPI / pretix

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2025.8.3
Introduced
2025.9.0
Fixed
2025.9.3
Introduced
2025.10.0
Fixed
2025.10.1

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1.post2
1.2.2
1.3.0
1.3.0.post1
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.7.1
1.7.2
1.8.0
1.8.1
1.9.0
1.9.1
1.10.0
1.10.1
1.11.0
1.11.1
1.12.0
1.12.1
1.13.0
1.13.1
1.14.0
1.15.0
1.15.1
1.15.2
1.16.0
1.17.0
1.17.1
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.8.2
3.*
3.0.0
3.0.1
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.6.0.post1
3.7.0
3.8.0
3.9.0
3.10.0
3.11.0
3.11.1
3.12.0
3.12.1
3.13.0
3.13.1
3.14.0
3.14.1
3.14.2
3.15.0
3.16.0
3.17.1
3.17.2
3.18.0
4.*
4.0.0
4.1.0
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.7.0
4.7.1
4.8.0
4.9.0
4.9.1
4.10.0
4.10.1
4.11.0
4.11.1
4.12.0
4.13.0
4.13.1
4.14.0.dev0
4.14.0
4.15.0.dev0
4.15.0
4.15.1
4.16.0
4.16.1
4.17.0
4.17.1
4.18.0
4.18.1
4.18.2
4.18.2.post1
4.19.0
4.20.0
4.20.1
4.20.2.post1
4.20.4
2023.*
2023.6.0
2023.6.1
2023.6.3
2023.7.0
2023.7.1
2023.7.3
2023.8.0
2023.8.1
2023.9.0
2023.9.1
2023.10.0
2023.10.1.post1
2023.10.2
2024.*
2024.1.0
2024.1.1
2024.2.0
2024.3.0
2024.4.0
2024.5.0
2024.5.1
2024.6.0
2024.6.1
2024.7.0
2024.7.1
2024.8.0
2024.9.0
2024.10.0
2024.11.0
2025.*
2025.1.0
2025.2.0
2025.3.0
2025.4.0
2025.5.0
2025.6.0
2025.7.0
2025.7.1
2025.7.2
2025.7.3
2025.8.0
2025.8.1
2025.8.2
2025.9.0
2025.9.1
2025.9.2
2025.10.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2026-1803.yaml"