CVE-2025-58052

Medium CVSS: 5.3

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue.

Vendor

Galette

Product

Galette

CWE

CWE-863

Yayın Tarihi

2025-12-19 17:15:52

Güncelleme

2026-01-05 18:03:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Galette MEDIUM Galette 2025

Referanslar

https://github.com/galette/galette/security/advisories/GHSA-gp9g-gf56-fcxx

Benzer Kayıtlar

Medium

CVE-2025-58053

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating…

Low

CVE-2025-53922

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to…

Medium

CVE-2025-48076

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user…

Medium

CVE-2025-48884

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette'…