Alf.io Fixes Admin Area Access Vulnerability in Latest Update
CVE-2024-25628

7.6 HIGH

Key Information:

Vendor: alf.io
CVE Published: 16 February 2024

What is CVE-2024-25628?

Alf.io is an open source event attendance management system. In versions prior to 2.0-M4-2402, a user whose account has been invalidated or deleted can still reach the administrative area: the account change does not cut off the user's access to admin functions. An account that an operator believes is gone therefore remains able to perform administrative actions on the instance, with the attendee and event data that implies. The issue is fixed in version 2.0-M4-2402 and no workaround is known, so affected installations should upgrade. After upgrading, a practical follow-up is to terminate all existing sessions (forcing every user to log in again) and to review admin-area activity for any account that had been disabled or deleted while a vulnerable version was running.
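To make the failure class concrete, the following is an added example written for this page; it is not alf.io's code and says nothing about how alf.io actually stores sessions or roles. It models a toy application with two authorization checks for the admin area: a vulnerable one that trusts the role captured into the session at login, and a hardened one that re-resolves the account on every request and revokes the session when the account is disabled or no longer exists. All class names, function names and sample accounts are constructed for the demo.

```python
"""Toy model of 'admin access survives account invalidation'.

Added example, not alf.io code. The data model, names and sample
accounts below are constructed for this demonstration only.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    role: str                 # "ADMIN" or "USER"
    enabled: bool = True


@dataclass
class Session:
    username: str
    role: str                 # role as it was when the session was created


@dataclass
class App:
    accounts: dict = field(default_factory=dict)   # username -> Account
    sessions: dict = field(default_factory=dict)   # session id -> Session

    def login(self, username: str, sid: str) -> None:
        acct = self.accounts[username]
        if not acct.enabled:
            raise PermissionError("account disabled")
        # The role is copied into the session here and never refreshed.
        self.sessions[sid] = Session(username, acct.role)

    def disable(self, username: str) -> None:
        self.accounts[username].enabled = False

    def delete(self, username: str) -> None:
        del self.accounts[username]

    def admin_allowed_vulnerable(self, sid: str) -> bool:
        # VULNERABLE: decides on session state alone. Disabling or deleting
        # the account changes nothing here, so the session keeps admin rights.
        s = self.sessions.get(sid)
        return s is not None and s.role == "ADMIN"

    def admin_allowed_hardened(self, sid: str) -> bool:
        # HARDENED: look the account up again on every request and drop the
        # session as soon as the account is gone, disabled or demoted.
        s = self.sessions.get(sid)
        if s is None:
            return False
        acct = self.accounts.get(s.username)
        if acct is None or not acct.enabled or acct.role != "ADMIN":
            self.sessions.pop(sid, None)      # revoke the stale session
            return False
        return True


def demo() -> dict:
    """Run both checks through login, disable and delete; return the outcomes
    as (vulnerable, hardened) pairs keyed by scenario."""
    app = App()
    app.accounts["alice"] = Account("alice", "ADMIN")
    app.accounts["bob"] = Account("bob", "ADMIN")
    app.login("alice", "sid-alice")
    app.login("bob", "sid-bob")

    results = {}
    results["login"] = (app.admin_allowed_vulnerable("sid-alice"),
                        app.admin_allowed_hardened("sid-alice"))
    app.disable("alice")
    results["disabled"] = (app.admin_allowed_vulnerable("sid-alice"),
                           app.admin_allowed_hardened("sid-alice"))
    app.delete("bob")
    results["deleted"] = (app.admin_allowed_vulnerable("sid-bob"),
                          app.admin_allowed_hardened("sid-bob"))
    return results


if __name__ == "__main__":
    for scenario, (vuln, hard) in demo().items():
        print(f"{scenario:9} vulnerable={vuln!s:5} hardened={hard}")
```

Re-checking the account per request is the minimum; a production fix normally also invalidates all of a user's sessions server-side at the moment the account is disabled or deleted, so the stale session cannot even reach the check.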

Affected Version(s)

alf.io < 2.0-M4-2402

References

CVSS V3.1

Score: 7.6
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Vector as listed: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Note that these metrics do not reproduce the stated score: under the CVSS v3.1 base equations, AV:N/AC:L/PR:L/UI:N/S:U with all three impact metrics at Low gives 6.3 (Medium). A base score of 7.6 with this exploitability requires one of Confidentiality, Integrity or Availability to be High. Confirm the vector against the NVD or GitHub Security Advisory record before reusing it.

Timeline

  • Vulnerability reserved

  • Vulnerability published: 16 February 2024