What is the severity of CVE-2024-45300?

CVE-2024-45300 has a moderate severity level due to the potential misuse of promo codes.

How do I fix CVE-2024-45300?

To fix CVE-2024-45300, upgrade to version 2.0-M5 or later of the alf.io ticket reservation system.

What type of vulnerability is CVE-2024-45300?

CVE-2024-45300 is classified as a race condition vulnerability.

What systems are affected by CVE-2024-45300?

CVE-2024-45300 affects alf.io versions prior to 2.0-M5.

How can CVE-2024-45300 be exploited?

CVE-2024-45300 can be exploited by users to bypass promo code usage limits, allowing multiple discount applications.

Vulnerability/
CVE-2024-45300

high

7.5

CWE

362

6/9/2024

29/9/2024

CVE-2024-45300: Bypassing promo code limitations with race conditions

First published: Fri Sep 06 2024(Updated: )

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Airbrake	<2.0-m5

Remedy

https://github.com/alfio-event/alf.io/commit/53b3309e26e8acec6860d1e045df3046153a3245

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45300?
CVE-2024-45300 has a moderate severity level due to the potential misuse of promo codes.
How do I fix CVE-2024-45300?
To fix CVE-2024-45300, upgrade to version 2.0-M5 or later of the alf.io ticket reservation system.
What type of vulnerability is CVE-2024-45300?
CVE-2024-45300 is classified as a race condition vulnerability.
What systems are affected by CVE-2024-45300?
CVE-2024-45300 affects alf.io versions prior to 2.0-M5.
How can CVE-2024-45300 be exploited?
CVE-2024-45300 can be exploited by users to bypass promo code usage limits, allowing multiple discount applications.

agent/weakness
agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/alf
canonical/airbrake

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.