CVE-2023-36465

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Oct 6, 2023

Updated: Oct 11, 2023

CWE ID 732

CWE ID 284

Summary

CVE-2023-36465 is a vulnerability affecting Decidim, a participatory democracy framework used by the Barcelona City government. This issue resides in the `templates` module, which fails to enforce appropriate permissions. As a result, any logged-in user can gain unauthorized access to template functionality in the administration panel. An attacker could exploit this weakness to modify, create, or delete templates associated with surveys. This vulnerability has been addressed in Decidim versions 0.26.8 and 0.27.4.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5oX0Q
https://www.cve.org/CVERecord?id=CVE-2023-36465
https://nvd.nist.gov/vuln/detail/CVE-2023-36465

Back to Vulnerability Database

CVE-2023-36465

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations