CRITICAL🇬🇧 English

CVE-2023-36465

CVSS 9.1v3.1pub. 2023-10-06upd. 2024-11-21

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
  • Decidim

    APP
    Decidim
    < 0.26.80.27.0 – 0.27.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-23891CRITICAL9.3PL ✓ten sam produkt

Stored XSS w polu nazwy użytkownika Decidim umożliwia zdalne wykonanie kodu

CVE-2026-40869HIGH7.5ten sam produkt

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....

CVE-2025-65017HIGH8.2ten sam produkt

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 t...

CVE-2024-45594HIGH7.7ten sam produkt

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetin...

CVE-2023-34090HIGH7.5ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...