CVE-2023-27891
published 2023-03-06

CVE-2023-27891: rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.

Priority: P3 41
Severity: high, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.62% (45.3th percentile)

Affected

7 ranges
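| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| pretix | pretix | >= 0 < 4.17.1 | 4.17.1 |
| pretix | pretix | >= 0 < 4.15.1 | 4.15.1 |
| pretix | pretix | >= 4.16.0 < 4.16.1 | 4.16.1 |
| pretix | pretix | >= 4.17.0 < 4.17.1 | 4.17.1 |
| rami | pretix | | |
| rami | pretix | | |
| rami | pretix | >= 1.16.0 < 4.15.1 | 4.15.1 |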