CVE-2023-36465

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36465

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36465.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-36465

Aliases

GHSA-639h-86hw-qcjq

Withdrawn

2024-05-15T05:32:13.004344Z

Published

2023-10-06T12:15:11Z

Modified

2023-11-08T04:12:56.800660Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVSS Calculator

Summary

[none]

Details

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.

References

Affected packages

Git / github.com/decidim/decidim

Affected ranges

Type: GIT
Repo: https://github.com/decidim/decidim
Events: Fixed

08f4b9f6e973590626ebbdd16abfbb7f64667104

Introduced

fcac16c9eed35c9ca0ac30a3be7b962881aa06ee