Nixpkgs security tracker

Untriaged

Permalink CVE-2025-14881

created 3 months, 3 weeks ago

Insecure direct object reference

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

References

https://pretix.eu/about/en/blog/20251218-release-2025-10-1/ vendor-advisory

Affected products

pretix

<2025.10.0
<2025.8.0
<2025.9.0
<2025.11.0

Matching in nixpkgs

pkgs.pretix

Ticketing software that cares about your event—all the way

nixos-unstable 2025.6.0
- nixpkgs-unstable 2025.6.0
- nixos-unstable-small 2025.6.0
nixos-25.11 2025.9.2
- nixpkgs-25.11-darwin 2025.9.2

pkgs.pretix-banktool

Automatic bank data upload tool for pretix (with FinTS client)

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixpkgs-25.11-darwin 1.1.0

Package maintainers