HIGH🇬🇧 English

CVE-2025-65017

CVSS 8.2v4.0pub. 2026-02-03upd. 2026-02-23

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 and 0.31.0.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Decidim

    APP
    Decidim
    0.31.00.30.0 – 0.30.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-23891CRITICAL9.3PL ✓ten sam produkt

Stored XSS w polu nazwy użytkownika Decidim umożliwia zdalne wykonanie kodu

CVE-2023-36465CRITICAL9.1ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...

CVE-2026-40869HIGH7.5ten sam produkt

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....

CVE-2024-45594HIGH7.7ten sam produkt

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetin...

CVE-2023-34090HIGH7.5ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...

CVE-2025-65017 — HIGH 8.2 | CVEbaza.pl