Description

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.

INFO

Published Date :

2024-09-06T13:02:21.123Z

Last Modified :

2024-09-06T14:04:49.887Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45300 vulnerability.

Vendors Products
Alf
  • Alf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45300.

URL Resource
https://github.com/alfio-event/alf.io/commit/53b3309e26e8acec6860d1e045df3046153a3245 cve-icon cve-icon
https://github.com/alfio-event/alf.io/security/advisories/GHSA-67jg-m6f3-473g cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact