alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAlf
APPAlf< 2.0-m4-2402
Powiązane podatności
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior...
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data ...
Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users ca...
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0...
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.