Galette
Galette membership management application versions 0.9.6 through 1.1.x contain an authorization bypass allowing group managers to escalate privileges and modify data beyond their intended role scope. The vulnerability requires authenticated access as a group manager and affects the integrity of membership data and organizational controls. Galette 1.2.0 resolves the issue; affected deployments should upgrade immediately to restore proper role-based access controls.
Galette is a membership management web application for non-profit organizations. This vulnerability is rated medium severity (CVSS 5.3); it is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.