GHSA-639h-86hw-qcjq

Source

https://github.com/advisories/GHSA-639h-86hw-qcjq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-639h-86hw-qcjq/GHSA-639h-86hw-qcjq.json

Aliases

CVE-2023-36465

Published

2023-10-05T20:52:46Z

Modified

2023-11-08T05:31:35.136492Z

Details

Impact

The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys.

References

Affected packages

RubyGems / decidim

Package

Name: decidim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.23.2

Fixed

0.26.8

Affected versions

0.*

0.23.2

0.23.3

0.23.4

0.23.5

0.23.6

0.24.0.rc1

0.24.0.rc2

0.24.0

0.24.1

0.24.2

0.24.3

0.25.0.rc1

0.25.0.rc2

0.25.0.rc3

0.25.0.rc4

0.25.0

0.25.1

0.25.2

0.26.0.rc2

0.26.0

0.26.1

0.26.2

0.26.3

0.26.4

0.26.5

0.26.7

RubyGems / decidim-templates

Package

Name: decidim-templates

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.23.2

Fixed

0.26.8

Affected versions

0.*

0.23.2

0.23.3

0.23.4

0.23.5

0.23.6

0.24.0.rc1

0.24.0.rc2

0.24.0

0.24.1

0.24.2

0.24.3

0.25.0.rc1

0.25.0.rc2

0.25.0.rc3

0.25.0.rc4

0.25.0

0.25.1

0.25.2

0.26.0.rc1

0.26.0.rc2

0.26.0

0.26.1

0.26.2

0.26.3

0.26.4

0.26.5

0.26.7

RubyGems / decidim-templates

Package

Name: decidim-templates

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.27.0

Fixed

0.27.4

Affected versions

0.*

0.27.0

0.27.1

0.27.2

0.27.3

RubyGems / decidim

Package

Name: decidim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.27.0

Fixed

0.27.4

Affected versions

0.*

0.27.0

0.27.1

0.27.2

0.27.3