Pretix API Sensitive File Access Vulnerability via UUID

Vulnerability

A vulnerability exists in a Pretix API endpoint that allows users to access sensitive files belonging to other users simply by knowing the UUID of the file. The endpoint grants this access without proper authorization: the files were not meant to be accessible based on UUID alone.
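The flaw class described above, shown beside a lookup that is scoped to the requester. This is an added example, not Pretix code: `FileStore`, its methods, and the sample users and file content are hypothetical and constructed for illustration.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class FileStore:
    """Constructed in-memory stand-in for an API's file storage (hypothetical, not Pretix code)."""
    files: dict = field(default_factory=dict)    # UUID -> (owner, content)
    denied: list = field(default_factory=list)   # audit trail of refused cross-user reads

    def add(self, owner: str, content: bytes) -> str:
        file_id = uuid.uuid4()
        self.files[file_id] = (owner, content)
        return str(file_id)

    @staticmethod
    def _parse(raw_id):
        # Malformed identifiers resolve to None instead of raising.
        try:
            return uuid.UUID(raw_id)
        except (ValueError, AttributeError, TypeError):
            return None

    def fetch_by_uuid_only(self, raw_id: str):
        """Flawed pattern: possession of the UUID is the only check."""
        entry = self.files.get(self._parse(raw_id))
        return entry[1] if entry else None

    def fetch_for_user(self, requester: str, raw_id: str):
        """Hardened pattern: the record must belong to the authenticated requester."""
        file_id = self._parse(raw_id)
        entry = self.files.get(file_id)
        if entry is None:
            return None
        owner, content = entry
        if owner != requester:
            self.denied.append((requester, str(file_id)))  # signal for detection
            return None  # same answer as "not found": do not confirm the file exists
        return content

def demo():
    store = FileStore()
    alice_file = store.add("alice", b"alice-export")  # constructed sample data
    return {
        "flawed_cross_user": store.fetch_by_uuid_only(alice_file),
        "hardened_cross_user": store.fetch_for_user("bob", alice_file),
        "hardened_owner": store.fetch_for_user("alice", alice_file),
        "malformed": store.fetch_for_user("bob", "not-a-uuid"),
        "denied_count": len(store.denied),
    }
```

The `denied` list stands in for an audit log: repeated refused reads by one account against other users' file UUIDs are worth alerting on.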

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user files.

Added: Dec 19, 2025, 1:20 PM
Updated: Dec 19, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.