{"id":"PYSEC-2023-42","details":"rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. Note that the affected range and version list in this record still include 4.15.1 and 4.16.1, so tools matching on this record may report those fixed backport releases as affected.","aliases":["CVE-2023-27891","GHSA-r76w-3wwq-jv6v"],"modified":"2023-11-08T04:12:07.623781Z","published":"2023-03-06T23:15:00Z","references":[{"type":"ARTICLE","url":"https://pretix.eu/about/en/blog/20230306-release-4171/"}],"affected":[{"package":{"name":"pretix","ecosystem":"PyPI","purl":"pkg:pypi/pretix"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.17.1"}]}],"versions":["1.0.0","1.0.0b1","1.0.0b2","1.1.0","1.1.1","1.1.2","1.1.3","1.10.0","1.10.1","1.11.0","1.11.1","1.12.0","1.12.1","1.13.0","1.13.1","1.14.0","1.15.0","1.15.1","1.15.2","1.16.0","1.17.0","1.17.1","1.2.0","1.2.1.post2","1.2.2","1.3.0","1.3.0.post1","1.3.1","1.4.0","1.4.1","1.5.0","1.5.1","1.5.2","1.6.0","1.6.1","1.6.2","1.7.1","1.7.2","1.8.0","1.8.1","1.9.0","1.9.1","2.0.0","2.1.0","2.2.0","2.3.0","2.4.0","2.5.0","2.6.0","2.7.0","2.7.1","2.7.2","2.8.2","3.0.0","3.0.1","3.1.0","3.10.0","3.11.0","3.11.1","3.12.0","3.12.1","3.13.0","3.13.1","3.14.0","3.14.1","3.14.2","3.15.0","3.16.0","3.17.1","3.17.2","3.18.0","3.2.0","3.3.0","3.4.0","3.5.0","3.6.0","3.6.0.post1","3.7.0","3.8.0","3.9.0","4.0.0","4.1.0","4.10.0","4.10.1","4.11.0","4.11.1","4.12.0","4.13.0","4.13.1","4.14.0","4.14.0.dev0","4.15.0","4.15.0.dev0","4.15.1","4.16.0","4.16.1","4.17.0","4.2.0","4.3.0","4.3.1","4.4.0","4.4.1","4.5.0","4.5.1","4.5.2","4.6.0","4.6.1","4.7.0","4.7.1","4.8.0","4.9.0","4.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2023-42.yaml"}}],"schema_version":"1.7.3"}