alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Alf
Alf alf |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:* | |
Vendors & Products |
Alf
Alf alf |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-19T19:53:52.668Z
Updated: 2024-08-01T23:44:09.810Z
Reserved: 2024-02-08T22:26:33.513Z
Link: CVE-2024-25634
Vulnrichment
Updated: 2024-08-01T23:44:09.810Z
NVD
Status : Analyzed
Published: 2024-02-19T20:15:45.707
Modified: 2024-12-18T17:55:31.463
Link: CVE-2024-25634
Redhat
No data.