CNNVD-202512-3768 Information

CNNVD ID

CNNVD-202512-3768

Related CVE

CVE-2025-14882

• CNNVD Published: 2025-12-19

Description (Chinese)

pretix-offlinesales是德国pretix公司的一个票务系统的扩展插件。 pretix-offlinesales存在安全漏洞，该漏洞源于API端点允许通过UUID访问敏感文件，可能导致未授权数据访问。

Description (English)

Pretix-offlinesales is an extension of a ticket system of Pretix Germany. There is a security loophole in pretix-offlinesales, which stems from the API endpoint allowing access to sensitive documents through UUID, which may lead to unauthorized data access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

pretix

Published

2025-12-19

Last Modified

2026-02-24

References

https://pretix.eu/about/en/blog/20251218-release-2025-10-1/ https://access.redhat.com/security/cve/cve-2025-14882

Patch

https://pretix.eu/about/en/blog/20251219-release-2025-10-1/