Vulnerabilities > CVE-2023-27891 - Insufficient Session Expiration vulnerability in Rami Pretix

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
rami
CWE-613

Summary

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.

Common Weakness Enumeration (CWE)