Path Traversal Vulnerability in pretalx Product by Pretalx
CVE-2023-28459

6.5MEDIUM

Key Information:

Vendor: Pretalx
Status: Pretalx
Vendor: CVE Published:; 20 April 2023

What is CVE-2023-28459?

The pretalx application versions prior to 2.3.2 are susceptible to a path traversal vulnerability that affects the HTML export feature. This flaw allows users to upload specially crafted HTML files, which can lead to the reading of arbitrary files on the server. As a result, an attacker could gain unauthorized access to sensitive information, posing significant security risks if left unaddressed. It is crucial for users running pretalx to upgrade to version 2.3.2 or later to mitigate these risks.

References

https://pretalx.com/p/news/security-release-232/

https://github.com/pretalx/pretalx/commit/60722c43cf975f3...

https://github.com/pretalx/pretalx/releases/tag/v2.3.2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2023
Vulnerability Reserved
Mar 15, 2023

CVE-2023-28459 Data

JSON