UBUNTU-CVE-2025-58052

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-58052

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-58052.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-58052

Upstream

CVE-2025-58052

Published

2025-12-19T17:15:00Z

Modified

2026-01-08T06:16:13.271912Z

Severity

2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue.

References

Affected packages

Ubuntu:16.04:LTS / galette

Package

Name: galette
Purl: pkg:deb/ubuntu/galette@0.8+dfsg-1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8+dfsg-1

0.8+dfsg-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "galette",
            "binary_version": "0.8+dfsg-1ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-58052.json"