3.6

CVE-2026-11764

Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown. Therefore, it allows circumventing a permission boundary.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: pretix
Product: pretix
Default status: unaffected
Version 2024.1.0 | Version < 2026.3.0 | Status: affected
Version 2026.3.0 | Version < 2026.4.0 | Status: affected
Version 2026.4.0 | Version < 2026.5.0 | Status: affected
Version 2026.5.0 | Version < 2026.6.0 | Status: affected
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.23% | 0.135
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
655498c3-6ec5-4f0b-aea6-853b334d05a6 | 3.6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

https://pretix.eu/about/en/blog/20260609-release-2026-5-1/