Vulnerabilities related to decidim - decidim
Vulnerability from fkie_nvd
Published
2024-02-20 18:15
Modified
2024-12-16 21:28
Severity
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat, as an attacker would also need access to the session cookie in order to see this resource. This URL does not allow modifying the resource, but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in versions 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates.
References
CVE ID: CVE-2023-47635 (status: Analyzed)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, from 0.23.0 (inclusive) up to but excluding 0.27.5
Weaknesses: CWE-918 (security-advisories@github.com, Secondary); CWE-352 (nvd@nist.gov, Primary)
Product: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11
Patch: https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660
Patch: https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac
Issue Tracking: https://github.com/decidim/decidim/pull/11743
Issue Tracking: https://github.com/decidim/decidim/pull/6247
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.5
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.28.0
Patch, Vendor Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:06
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
References
CVE ID: CVE-2023-34089 (status: Modified)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, all versions before 0.26.7; from 0.27.0 (inclusive) up to but excluding 0.27.3
Weaknesses: CWE-79 (security-advisories@github.com, Primary)
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.26.6
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.3
Third Party Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
Vulnerability from fkie_nvd
Published
2024-02-20 18:15
Modified
2024-12-16 22:43
Severity
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks if the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user, but in any case this needs to be fixed. Successful exploitation of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then to have the possibility to direct the other user to the edit page of the record where the attachment is attached. Users are able to craft the direct upload requests themselves, controlling the file name that gets stored in the database. The attacker is able to change the filename, e.g. to `<svg onload=alert('XSS')>`, if they know how to craft these requests themselves, and then enter the returned blob ID into the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. for proposals.
References
CVE ID: CVE-2023-51447 (status: Analyzed)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, from 0.27.0 (inclusive) up to but excluding 0.27.5
Weaknesses: CWE-79 (security-advisories@github.com, Secondary); CWE-79 (nvd@nist.gov, Primary)
Patch: https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423
Issue Tracking: https://github.com/decidim/decidim/pull/11612
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.5
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.28.0
Mitigation, Patch, Vendor Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq
Product: https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:03
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
References
CVE ID: CVE-2023-32693 (status: Modified)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, all versions before 0.26.7; from 0.27.0 (inclusive) up to but excluding 0.27.3
Weaknesses: CWE-79 (security-advisories@github.com, Primary)
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.26.7
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.3
Third Party Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r
Vulnerability from fkie_nvd
Published
2023-10-06 12:15
Modified
2024-11-21 08:09
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in versions 0.26.8 and 0.27.4.
References
CVE ID: CVE-2023-36465 (status: Modified)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, all versions before 0.26.8; from 0.27.0 (inclusive) up to but excluding 0.27.4
Weaknesses: CWE-284 (security-advisories@github.com, Secondary); CWE-732 (nvd@nist.gov, Primary)
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.26.8
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.4
Vendor Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq
Vulnerability from fkie_nvd
Published
2024-02-29 01:41
Modified
2025-02-14 17:29
Severity
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components.
References
CVE ID: CVE-2023-47634 (status: Analyzed)
Affected: cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*, from 0.10.0 (inclusive) up to but excluding 0.26.9; from 0.27.0 (inclusive) up to but excluding 0.27.5
Weaknesses: CWE-362 (security-advisories@github.com, Secondary); CWE-362 (nvd@nist.gov, Primary)
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.26.9
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.27.5
Release Notes: https://github.com/decidim/decidim/releases/tag/v0.28.0
Vendor Advisory: https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2
Vulnerability from fkie_nvd
Published
2024-02-20 18:15
Modified
2024-12-16 21:46
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept an invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim`, `decidim-admin`, and `decidim-system` gems. When the password reset functionality is used, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check performed is whether the user has been invited; the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks`, so that limit should be respected. The bug is in the `devise_invitable` gem and should be fixed there, with the dependency upgraded in Decidim once the fix becomes available. Upgrading `devise_invitable` to version `2.0.9` or above fixes this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim`, `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
References
Impacted products
Vendor | Product | Version
---|---|---
decidim | decidim | *
decidim | decidim | *
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
decidim | decidim | 0.0.1
scambra | devise_invitable | *
scambra | devise_invitable | 0.4.0
scambra | devise_invitable | 0.4.0
scambra | devise_invitable | 0.4.0
scambra | devise_invitable | 0.4.0
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "6D1B1016-51D8-4E01-A074-A10CAEC25485", versionEndExcluding: "0.26.9", versionStartIncluding: "0.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "38FDE900-4C89-45E3-821E-BF6F2A69C587", versionEndExcluding: "0.27.5", versionStartIncluding: "0.27.0", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:-:*:*:*:ruby:*:*", matchCriteriaId: "DE4555F1-EB34-4472-931F-918D00E481F8", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha3:*:*:*:ruby:*:*", matchCriteriaId: "31A4E87B-87B1-40B3-B313-44570B5A77F8", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha4:*:*:*:ruby:*:*", matchCriteriaId: "F5AA544E-60FB-4D83-934D-FA82E2E51BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha5:*:*:*:ruby:*:*", matchCriteriaId: "D74508D4-F213-42D9-8E09-AE9FD6D08598", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha6:*:*:*:ruby:*:*", matchCriteriaId: "01F34579-CCA4-4F22-AD26-27DD7B0586A5", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha7:*:*:*:ruby:*:*", matchCriteriaId: "7BBA5EB0-C175-4AAA-89CC-EC964C05A7A4", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha8:*:*:*:ruby:*:*", matchCriteriaId: "1BF30DCF-EC5F-4411-A124-69EB5A06AFCE", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.0.1:alpha9:*:*:*:ruby:*:*", matchCriteriaId: "A5DC0B15-23BF-4305-A018-1E56C1F32BB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:scambra:devise_invitable:*:*:*:*:*:ruby:*:*", matchCriteriaId: "F9EB2E96-5C9B-4483-9185-76CEABC1C661", versionEndExcluding: "2.0.9", versionStartIncluding: "0.4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:scambra:devise_invitable:0.4.0:-:*:*:*:ruby:*:*", matchCriteriaId: 
"7DF8801D-7388-4480-BB49-18205160FA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:scambra:devise_invitable:0.4.0:rc3:*:*:*:ruby:*:*", matchCriteriaId: "7A4594E1-64CB-4404-9C87-9759A657E18B", vulnerable: true, }, { criteria: "cpe:2.3:a:scambra:devise_invitable:0.4.0:rc4:*:*:*:ruby:*:*", matchCriteriaId: "27BB4517-6C0E-4426-9EAC-D702AF00718E", vulnerable: true, }, { criteria: "cpe:2.3:a:scambra:devise_invitable:0.4.0:rc5:*:*:*:ruby:*:*", matchCriteriaId: "D0D4559B-7949-4339-B7DD-BEA7EE98320B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.", }, { lang: "es", value: "Decidim es un framework de democracia participativa. 
A partir de la versión 0.4.rc3 y antes de la versión 2.0.9 de la gema `devise_invitable`, la función de invitaciones permite a los usuarios aceptar la invitación por un período de tiempo ilimitado a través de la función de restablecimiento de contraseña. Este problema crea dependencias vulnerables a partir de la versión 0.0.1.alpha3 y anteriores a las versiones 0.26.9, 0.27.5 y 0.28.0 de las gemas `decidim`, `decidim-admin` y `decidim-system`. Cuando se utiliza la función de restablecimiento de contraseña, la gema `devise_invitable` siempre acepta la invitación pendiente si el usuario ha sido invitado. La única verificación realizada es si el usuario ha sido invitado pero el código no garantiza que la invitación pendiente siga siendo válida según lo definido por el período de vencimiento de `invite_for`. Decidim establece esta configuración en `2.weeks` por lo que se debe respetar esta configuración. El error está en la gema `devise_invitable` y debería solucionarse allí y la dependencia debería actualizarse en Decidim una vez que la solución esté disponible. `devise_invitable` a la versión `2.0.9` y superiores solucionan este problema. Las versiones 0.26.9, 0.27.5 y 0.28.0 de las gemas `decidim`, `decidim-admin` y `decidim-system` contienen esta solución. 
Como workaround, las invitaciones se pueden cancelar directamente desde la base de datos.", }, ], id: "CVE-2023-48220", lastModified: "2024-12-16T21:46:47.680", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-20T18:15:50.350", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { source: "security-advisories@github.com", tags: [ "Release Notes", 
], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-672", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-672", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 19:15
Modified
2024-11-21 09:03
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "F06324EE-53B1-4FAE-8BEF-795C35E4975D", versionEndExcluding: "0.27.6", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*", matchCriteriaId: "637B8863-0862-4FB4-9871-EDCF21054F34", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:rc1:*:*:*:ruby:*:*", matchCriteriaId: "8B3E98CE-A52C-4965-8549-559A23A38306", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:rc2:*:*:*:ruby:*:*", matchCriteriaId: "D90343A7-D472-4EE2-91A1-9F173A42BCD0", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:rc3:*:*:*:ruby:*:*", matchCriteriaId: "A7805027-BBE2-48C3-AE74-F8D03A76D00F", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:rc4:*:*:*:ruby:*:*", matchCriteriaId: "178DC9F7-9880-437E-A0BF-CD5A4E6691BF", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:rc5:*:*:*:ruby:*:*", matchCriteriaId: "76E8A31B-8F15-4D43-A371-230C4FADDF5F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.", }, { lang: "es", value: "Decidim es un framework de democracia participativa. El panel de administración está sujeto a un posible adjunto XSS en caso de que el atacante logre modificar algunos registros que se cargan en el servidor. 
Esta vulnerabilidad se solucionó en 0.27.6 y 0.28.1.", }, ], id: "CVE-2024-27095", lastModified: "2024-11-21T09:03:50.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-10T19:15:10.407", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", }, ], 
sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E9D93E20-6119-4518-9533-55AECCB477E3", versionEndExcluding: "0.27.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3. ", }, ], id: "CVE-2023-34090", lastModified: "2024-11-21T08:06:31.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T18:15:16.233", references: [ { source: 
"security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-16 19:16
Modified
2024-09-29 00:14
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to a potential Cross-site scripting (XSS) attack in case an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry where one of the resources contains crafted XSS. This issue has been addressed in release versions 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (e.g. `/admin/organization/edit`).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "6C6546E7-9340-4C15-BEF9-9075508E1C35", versionEndExcluding: "0.27.7", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.0:-:*:*:*:ruby:*:*", matchCriteriaId: "637B8863-0862-4FB4-9871-EDCF21054F34", vulnerable: true, }, { criteria: "cpe:2.3:a:decidim:decidim:0.28.1:*:*:*:*:ruby:*:*", matchCriteriaId: "45B74421-A9CA-4C0F-86ED-A6AAB5FCF7F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. `/admin/organization/edit`).", }, { lang: "es", value: "Decidim es una democracia participativa, participación ciudadana y gobierno abierto de código abierto y gratuito para ciudades y organizaciones. El panel de administración está sujeto a posibles ataques de cross site scripting (XSS) en caso de que un administrador asigne un evaluador a una propuesta o realice cualquier otra acción que genere un registro de actividad de administración donde uno de los recursos tenga un XSS creado. Este problema se ha solucionado en las versiones de lanzamiento 0.27.7, 0.28.2 y posteriores. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar pueden redirigir las páginas /admin y /admin/logs a otras páginas de administración para evitar este acceso (es decir, `/admin/organization/edit`).", }, ], id: "CVE-2024-32034", lastModified: "2024-09-29T00:14:35.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-16T19:16:10.300", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: 
"https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-13 17:15
Modified
2025-02-28 15:52
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v | Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "296B5B0A-813C-4519-ABFE-F2D80245AE41", versionEndExcluding: "0.28.3", versionStartIncluding: "0.28.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.", }, { lang: "es", value: "Decidim es un framework de democracia participativa. La función de integración de reuniones que se utiliza en las reuniones en línea o híbridas está sujeta a posibles ataques XSS a través de una URL mal formada. Esta vulnerabilidad se ha corregido en las versiones 0.28.3 y 0.29.0.", }, ], id: "CVE-2024-45594", lastModified: "2025-02-28T15:52:30.483", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 5.8, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-13T17:15:10.333", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: 
"https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-16 19:16
Modified
2024-09-29 00:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to a potential XSS attack in case the attacker manages to modify the HTML before it is uploaded to the server. The attacker is able to change the HTML, e.g. to <svg onload=alert('XSS')>, if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space Administrators) and remove their access if they don't need it, and disable the "Enable rich text editor for participants" setting in the admin dashboard.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*", matchCriteriaId: "6C6546E7-9340-4C15-BEF9-9075508E1C35", versionEndExcluding: "0.27.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to <svg onload=alert('XSS')> if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the \"Enable rich text editor for participants\" setting in the admin dashboard", }, { lang: "es", value: "Decidim es una democracia participativa, participación ciudadana y gobierno abierto de código abierto y gratuito para ciudades y organizaciones. El editor WYSWYG QuillJS está sujeto a posibles ataques XSS en caso de que el atacante logre modificar el HTML antes de subirlo al servidor. El atacante puede cambiar, por ejemplo, a si sabe cómo crear estas solicitudes por sí mismo. Este problema se ha solucionado en la versión 0.27.7. Se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar deben revisar las cuentas de usuario que tienen acceso al panel de administración (es decir, administradores generales y administradores del espacio participativo) y eliminar el acceso a ellas si no lo necesitan. 
Desactive la opción \"Habilitar editor de texto enriquecido para participantes\" en el panel de administración", }, ], id: "CVE-2024-39910", lastModified: "2024-09-29T00:33:03.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-16T19:16:10.540", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/decidim/decidim/commit/47adca81cabea898005ec07b130b008f2a2be99f", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-vvqw-fqwx-mqmm", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
cve-2023-51447
Vulnerability from cvelistv5
Published
2024-02-20 17:29
Modified
2024-08-26 14:47
Summary
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user, but in any case, this needs to be fixed. Successful exploitation of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves, controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves, and then enter the returned blob ID into the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:09.936Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", }, { name: "https://github.com/decidim/decidim/pull/11612", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/pull/11612", }, { name: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.27.5", status: "affected", version: "0.27.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51447", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", 
timestamp: "2024-02-21T19:26:23.301660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T14:47:59.180Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.27.0, < 0.27.5", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. 
from proposals.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T17:29:35.677Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", }, { name: "https://github.com/decidim/decidim/pull/11612", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/pull/11612", }, { name: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", tags: [ "x_refsource_MISC", ], url: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", }, ], 
source: { advisory: "GHSA-9w99-78rj-hmxq", discovery: "UNKNOWN", }, title: "Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-51447", datePublished: "2024-02-20T17:29:35.677Z", dateReserved: "2023-12-19T15:19:39.615Z", dateUpdated: "2024-08-26T14:47:59.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48220
Vulnerability from cvelistv5
Published
2024-02-20 17:24
Modified
2024-08-02 21:23
Summary
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim`, `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is whether the user has been invited, but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks`, so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there, and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` version `2.0.9` and above fixes this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim`, `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.26.9", status: "affected", version: "0.0.1.alpha3", versionType: "custom", }, { lessThan: "0.27.5", status: "affected", version: "0.27.0", versionType: "custom", }, { lessThan: "2.0.9", status: "affected", version: "0.4.rc3", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-48220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-21T15:23:30.053194Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T17:11:07.062Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:23:39.264Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", }, { name: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", }, { name: "https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", }, { name: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", }, { name: 
"https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.9", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.0.1.alpha3, < 0.26.9", }, { status: "affected", version: ">= 0.27.0, < 0.27.5", }, { status: "affected", version: " >= 0.4.rc3, < 2.0.9", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. 
When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-672", description: "CWE-672: Operation on a Resource after Expiration or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T17:27:26.335Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-w3q8-m492-4pwp", }, { name: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34", }, { name: 
"https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454", }, { name: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", tags: [ "x_refsource_MISC", ], url: "https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098", }, { name: "https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.9", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", tags: [ "x_refsource_MISC", ], url: "https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198", }, ], source: { advisory: "GHSA-w3q8-m492-4pwp", discovery: "UNKNOWN", }, title: "Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-48220", datePublished: "2024-02-20T17:24:37.791Z", dateReserved: "2023-11-13T13:25:18.480Z", dateUpdated: "2024-08-02T21:23:39.264Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47635
Vulnerability from cvelistv5
Published
2024-02-20 16:45
Modified
2024-08-22 13:25
Summary
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat, as you also need to have access to the session cookie in order to see this resource. This URL does not allow modifying the resource, but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in versions 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:16:42.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v", }, { name: "https://github.com/decidim/decidim/pull/11743", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/pull/11743", }, { name: "https://github.com/decidim/decidim/pull/6247", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/pull/6247", }, { name: "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660", }, { name: "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac", }, { name: "https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, ], title: "CVE 
Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.27.5", status: "affected", version: "0.23.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-47635", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-22T13:23:33.057811Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-22T13:25:39.658Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.23.0, < 0.27.5", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. 
As a workaround, disable the templates functionality or remove all available templates.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T17:26:38.896Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v", }, { name: "https://github.com/decidim/decidim/pull/11743", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/pull/11743", }, { name: "https://github.com/decidim/decidim/pull/6247", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/pull/6247", }, { name: "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660", }, { name: "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac", }, { name: "https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11", tags: [ "x_refsource_MISC", ], url: 
"https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, ], source: { advisory: "GHSA-f3qm-vfc3-jg6v", discovery: "UNKNOWN", }, title: "Decidim vulnerable to possible CSRF attack at questionnaire templates preview", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-47635", datePublished: "2024-02-20T16:45:39.305Z", dateReserved: "2023-11-07T16:57:49.245Z", dateUpdated: "2024-08-22T13:25:39.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39910
Vulnerability from cvelistv5
Published
2024-09-16 18:38
Modified
2024-09-16 19:58
Summary
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to a potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to <svg onload=alert('XSS')> if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the "Enable rich text editor for participants" setting in the admin dashboard.
References
| URL | Tags |
|---|---|
| https://github.com/decidim/decidim/security/advisories/GHSA-vvqw-fqwx-mqmm | x_refsource_CONFIRM |
| https://github.com/decidim/decidim/commit/47adca81cabea898005ec07b130b008f2a2be99f | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39910", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-16T19:57:51.999340Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-16T19:58:06.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.7", }, ], }, ], descriptions: [ { lang: "en", value: "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to <svg onload=alert('XSS')> if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. 
Disable the \"Enable rich text editor for participants\" setting in the admin dashboard", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T18:38:11.423Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-vvqw-fqwx-mqmm", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-vvqw-fqwx-mqmm", }, { name: "https://github.com/decidim/decidim/commit/47adca81cabea898005ec07b130b008f2a2be99f", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/47adca81cabea898005ec07b130b008f2a2be99f", }, ], source: { advisory: "GHSA-vvqw-fqwx-mqmm", discovery: "UNKNOWN", }, title: "Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSWYG editor", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-39910", datePublished: "2024-09-16T18:38:11.423Z", dateReserved: "2024-07-02T19:37:18.601Z", dateUpdated: "2024-09-16T19:58:06.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36465
Vulnerability from cvelistv5
Published
2023-10-06 11:56
Modified
2024-09-19 18:48
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in versions 0.26.8 and 0.27.4.
References
| URL | Tags |
|---|---|
| https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq | x_refsource_CONFIRM |
| https://github.com/decidim/decidim/releases/tag/v0.26.8 | x_refsource_MISC |
| https://github.com/decidim/decidim/releases/tag/v0.27.4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.8", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.8", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.4", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36465", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:47:43.005008Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T18:48:00.313Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.23.2, < 0.26.8", }, { status: "affected", version: ">= 0.27.0, < 0.27.4", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. 
This issue has been patched in version 0.26.8 and 0.27.4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-06T11:56:46.825Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.8", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.8", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.4", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.4", }, ], source: { advisory: "GHSA-639h-86hw-qcjq", discovery: "UNKNOWN", }, title: "Decidim has broken access control in templates", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-36465", datePublished: "2023-10-06T11:56:46.825Z", dateReserved: "2023-06-21T18:50:41.700Z", dateUpdated: "2024-09-19T18:48:00.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32034
Vulnerability from cvelistv5
Published
2024-09-16 18:38
Modified
2024-09-16 20:00
Summary
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to a potential Cross-site scripting (XSS) attack when an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry in which one of the referenced resources contains a crafted XSS payload. This issue has been addressed in release versions 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. `/admin/organization/edit`).
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32034", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-16T19:59:49.091452Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-16T20:00:04.199Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.7", }, { status: "affected", version: ">= 0.28.0, < 0.28.2", }, ], }, ], descriptions: [ { lang: "en", value: "decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. This issue has been addressed in release version 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages to prevent this access (i.e. 
`/admin/organization/edit`).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T18:38:09.562Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-rx9f-5ggv-5rh6", }, { name: "https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/23fc8d702a4976727f78617f5e42353d67931645", }, { name: "https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/9d79f09a2d38c87feb28725670d6cc1f55c22072", }, { name: "https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/e494235d559be13dd1f8694345e6f6bba762d1c0", }, { name: "https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/ff755e23814aeb56e9089fc08006a5d3faee47b6", }, ], source: { advisory: "GHSA-rx9f-5ggv-5rh6", discovery: "UNKNOWN", }, title: "Cross-site scripting (XSS) in the decidim admin activity log", }, }, cveMetadata: { 
assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32034", datePublished: "2024-09-16T18:38:09.562Z", dateReserved: "2024-04-09T15:29:35.939Z", dateUpdated: "2024-09-16T20:00:04.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34089
Vulnerability from cvelistv5
Published
2023-07-11 17:36
Modified
2024-11-04 19:55
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9 | x_refsource_CONFIRM
https://github.com/decidim/decidim/releases/tag/v0.26.6 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.27.3 | x_refsource_MISC
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:53.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.26.7", status: "affected", version: "0.14.0", versionType: "custom", }, { lessThan: "0.27.3", status: "affected", version: "0.27.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-34089", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T19:43:06.293337Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T19:55:37.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.14.0, < 0.26.7", }, { status: "affected", version: ">= 0.27.0, < 0.27.3", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. 
The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T20:52:42.091Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], source: { advisory: "GHSA-5652-92r9-3fx9", discovery: "UNKNOWN", }, title: "Decidim Cross-site Scripting vulnerability in the processes filter", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-34089", datePublished: "2023-07-11T17:36:14.670Z", dateReserved: "2023-05-25T21:56:51.244Z", dateUpdated: 
"2024-11-04T19:55:37.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34090
Vulnerability from cvelistv5
Published
2023-07-11 17:29
Modified
2024-10-23 15:27
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9 | x_refsource_CONFIRM
https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.27.3 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:53.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", }, { name: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.27.3", status: "affected", version: "0.27.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-34090", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T15:26:40.815767Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T15:27:20.029Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.27.0, < 0.27.3", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. 
Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3. ", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T17:29:36.629Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", }, { name: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], source: { advisory: "GHSA-jm79-9pm4-vrw9", discovery: "UNKNOWN", }, title: "Decidim vulnerable to sensitive data disclosure", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", 
assignerShortName: "GitHub_M", cveId: "CVE-2023-34090", datePublished: "2023-07-11T17:29:36.629Z", dateReserved: "2023-05-25T21:56:51.244Z", dateUpdated: "2024-10-23T15:27:20.029Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41673
Vulnerability from cvelistv5
Published
2024-10-01 14:58
Modified
2024-10-01 17:47
Summary
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8 | x_refsource_CONFIRM
https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637 | x_refsource_MISC
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41673", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T17:47:16.897644Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T17:47:27.814Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.8", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T14:58:34.521Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8", }, { name: "https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637", }, ], source: { advisory: 
"GHSA-cc4g-m3g7-xmw8", discovery: "UNKNOWN", }, title: "Decidim has a cross-site scripting vulnerability in the version control page", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41673", datePublished: "2024-10-01T14:58:34.521Z", dateReserved: "2024-07-18T15:21:47.486Z", dateUpdated: "2024-10-01T17:47:27.814Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27090
Vulnerability from cvelistv5
Published
2024-07-10 18:25
Modified
2024-08-02 00:27
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc.), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv | x_refsource_CONFIRM
https://github.com/decidim/decidim/pull/12528 | x_refsource_MISC
https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.27.6 | x_refsource_MISC
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.27.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-27090", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T19:29:59.485283Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T17:44:23.242Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:27:57.819Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv", }, { name: "https://github.com/decidim/decidim/pull/12528", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/pull/12528", }, { name: "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.6", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and 
offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T18:25:26.241Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv", }, { name: "https://github.com/decidim/decidim/pull/12528", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/pull/12528", }, { name: "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, ], source: { advisory: "GHSA-qcj6-vxwx-4rqv", discovery: "UNKNOWN", }, title: "Decidim vulnerable to data disclosure through the embed feature", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: 
"CVE-2024-27090", datePublished: "2024-07-10T18:25:26.241Z", dateReserved: "2024-02-19T14:43:05.992Z", dateUpdated: "2024-08-02T00:27:57.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27095
Vulnerability from cvelistv5
Published
2024-07-10 19:07
Modified
2024-08-02 00:27
Summary
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3 | x_refsource_CONFIRM
https://github.com/decidim/decidim/releases/tag/v0.27.6 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.28.1 | x_refsource_MISC
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27095", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T19:56:08.980647Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T19:56:37.741Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:27:59.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.6", }, { status: "affected", version: ">= 0.28.0.rc1, < 0.28.1", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. 
This vulnerability is fixed in 0.27.6 and 0.28.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T19:07:45.995Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-529p-jj47-w3m3", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.1", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, ], source: { advisory: "GHSA-529p-jj47-w3m3", discovery: "UNKNOWN", }, title: "Decidim cross-site scripting (XSS) in the admin panel", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-27095", datePublished: "2024-07-10T19:07:45.995Z", dateReserved: "2024-02-19T14:43:05.993Z", dateUpdated: "2024-08-02T00:27:59.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45594
Vulnerability from cvelistv5
Published
2024-11-13 16:21
Modified
2024-11-13 18:43
Summary
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v | x_refsource_CONFIRM
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "0.28.0", }, { status: "affected", version: "0.28.1", }, { status: "affected", version: "0.28.2", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45594", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T18:43:43.229338Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T18:43:57.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.28.0, < 0.28.3", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. 
This vulnerability is fixed in 0.28.3 and 0.29.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T16:21:37.850Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-j4h6-gcj7-7v9v", }, ], source: { advisory: "GHSA-j4h6-gcj7-7v9v", discovery: "UNKNOWN", }, title: "Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45594", datePublished: "2024-11-13T16:21:37.850Z", dateReserved: "2024-09-02T16:00:02.423Z", dateUpdated: "2024-11-13T18:43:57.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47634
Vulnerability from cvelistv5
Published
2024-02-20 16:37
Modified
2024-08-02 21:16
Summary
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components.
References
URL | Tags
---|---
https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2 | x_refsource_CONFIRM
https://github.com/decidim/decidim/releases/tag/v0.26.9 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.27.5 | x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.28.0 | x_refsource_MISC
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-47634", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-29T18:21:02.095576Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:26:35.629Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:16:42.668Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.9", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.10.0, < 0.26.9", }, { status: "affected", version: ">= 0.27.0, < 0.27.5", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. 
To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components. ", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T16:37:51.966Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.9", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.9", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, ], source: { advisory: "GHSA-r275-j57c-7mf2", discovery: "UNKNOWN", }, title: "Decidim has race condition in Endorsements", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-47634", datePublished: "2024-02-20T16:37:51.966Z", dateReserved: 
"2023-11-07T16:57:49.245Z", dateUpdated: "2024-08-02T21:16:42.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
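The record above describes a check-then-act race: an endorsement request passes an "already endorsed?" check before the row is written, so several identical requests in flight at the same moment all pass the check and all write. The Ruby below is an added example, not Decidim's code or its patch. It models the endorsements table with an in-memory store and forces the interleaving with a latch so the duplicate is reproduced deterministically rather than by scheduling luck. The hardened store makes the existence check and the insert one atomic step, standing in for a database unique index on (resource, user) whose violation the request handler treats as "already endorsed"; the specific change Decidim shipped in 0.26.9, 0.27.5 and 0.28.0 is not on this page and nothing here should be read as it.

```ruby
# Added example, not Decidim's code: a check-then-act race on "endorse once"
# (the bug class behind CVE-2023-47634) and an atomic version that closes it.
# The Array/Set below stand in for the endorsements table; the Latch forces
# every "parallel request" past the existence check before any insert runs,
# so the duplicate is reproduced deterministically instead of by luck.
require "set"

# Countdown latch: the n-th arriving thread releases all of them at once.
class Latch
  def initialize(n)
    @n = n
    @m = Mutex.new
    @cv = ConditionVariable.new
  end

  def wait
    @m.synchronize do
      @n -= 1
      if @n.zero?
        @cv.broadcast
      else
        @cv.wait(@m) while @n > 0
      end
    end
  end
end

# Vulnerable: "already endorsed?" and "create endorsement" are two steps.
# Each step is thread-safe on its own, which is exactly why this looks fine
# in review; the pair is not.
class RacyEndorsements
  def initialize
    @rows = []
    @m = Mutex.new
  end

  def endorse(resource_id, user_id, latch: nil)
    key = [resource_id, user_id]
    return false if @m.synchronize { @rows.include?(key) }   # step 1: check
    latch&.wait                                             # the other requests are here too
    @m.synchronize { @rows << key }                         # step 2: act
    true
  end

  def count(resource_id, user_id)
    @m.synchronize { @rows.count([resource_id, user_id]) }
  end
end

# Hardened: check and insert are a single atomic operation. Set#add? returns
# nil when the key already exists, modelling a UNIQUE index on
# (resource_id, user_id) whose violation the handler reports as "already
# endorsed" instead of as success.
class SafeEndorsements
  def initialize
    @rows = Set.new
    @m = Mutex.new
  end

  def endorse(resource_id, user_id, latch: nil)
    latch&.wait
    @m.synchronize { !@rows.add?([resource_id, user_id]).nil? }
  end

  def count(resource_id, user_id)
    @m.synchronize { @rows.include?([resource_id, user_id]) ? 1 : 0 }
  end
end

# Fire n identical endorsement requests "in parallel" for one user on one
# resource and report how many rows ended up stored (correct answer: 1).
def endorsements_after_parallel_requests(store, n, resource_id: 42, user_id: 7)
  latch = Latch.new(n)
  threads = n.times.map { Thread.new { store.endorse(resource_id, user_id, latch: latch) } }
  threads.each(&:join)
  store.count(resource_id, user_id)
end

if $PROGRAM_NAME == __FILE__
  puts "racy store: #{endorsements_after_parallel_requests(RacyEndorsements.new, 5)} endorsements"
  puts "safe store: #{endorsements_after_parallel_requests(SafeEndorsements.new, 5)} endorsements"
end
```

The same shape applies to any "at most one per user" action (votes, follows, supports): a `SELECT` followed by an `INSERT` is never enough on its own, and the uniqueness rule has to live where the writes are serialised, in a unique index or an equivalent atomic operation, with the application handling the violation as the normal "already done" path. Disabling the Endorsement feature, the workaround the record gives, removes the racing endpoint altogether.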
cve-2024-32469
Vulnerability from cvelistv5
Published
2024-07-10 19:10
Modified
2024-08-02 02:13
Severity
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to a reflected cross-site scripting (XSS) attack through a crafted URL that supplies a malicious value in the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.
References
URL | Tags |
---|---|
https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q | x_refsource_CONFIRM |
https://github.com/decidim/decidim/releases/tag/v0.27.6 | x_refsource_MISC |
https://github.com/decidim/decidim/releases/tag/v0.28.1 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T14:25:38.744268Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T14:25:47.917Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:39.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: "< 0.27.6", }, { status: "affected", version: ">= 0.28.0.rc1, < 0.28.1", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. 
This vulnerability is fixed in 0.27.6 and 0.28.1.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T19:10:36.304Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-7cx8-44pc-xv3q", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.6", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.1", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.1", }, ], source: { advisory: "GHSA-7cx8-44pc-xv3q", discovery: "UNKNOWN", }, title: "Decidim has cross-site scripting (XSS) in the pagination", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-32469", datePublished: "2024-07-10T19:10:36.304Z", dateReserved: "2024-04-12T19:41:51.166Z", dateUpdated: "2024-08-02T02:13:39.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
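The record above says only that a malformed `per_page` value in the URL reaches the page unescaped. The Ruby below is an added example, not Decidim's code or its patch, showing the bug class in a minimal pagination-link builder and a hardened version. The `/search` path and the allowlist of page sizes are assumptions made for the example.

```ruby
# Added example, not Decidim's code: how an unvalidated `per_page` query
# parameter turns a pagination link into reflected XSS (the bug class behind
# CVE-2024-32469), and a hardened builder. The path and the allowed page
# sizes are assumptions made for the example.
require "erb"

ALLOWED_PER_PAGE = [10, 20, 50, 100].freeze  # assumed allowlist of page sizes
DEFAULT_PER_PAGE = 20

# Vulnerable: the raw query-string value is interpolated straight into the
# markup of the "next page" link. A victim who follows a crafted URL such as
#   /search?per_page=20"><script>alert(1)</script>
# gets the payload echoed into the page, where it runs with their session.
def pagination_link_vulnerable(path, page, per_page)
  %(<a href="#{path}?page=#{page + 1}&per_page=#{per_page}">Next</a>)
end

# Hardened, step 1: a page size is an integer from a small allowlist, so
# parse it as one and fall back to the default for anything else. After this
# the value can only be one of a few digit strings.
def sanitize_per_page(raw)
  n = Integer(raw.to_s, 10, exception: false)
  ALLOWED_PER_PAGE.include?(n) ? n : DEFAULT_PER_PAGE
end

# Hardened, step 2: still HTML-escape every interpolated value (including the
# path, which may also come from the request), so a later change that widens
# the allowlist cannot silently reintroduce the bug.
def pagination_link_hardened(path, page, per_page)
  h = ->(s) { ERB::Util.html_escape(s) }
  %(<a href="#{h.call(path)}?page=#{Integer(page) + 1}&amp;per_page=#{sanitize_per_page(per_page)}">Next</a>)
end

if $PROGRAM_NAME == __FILE__
  payload = %q(20"><script>alert(1)</script>)
  puts pagination_link_vulnerable("/search", 1, payload)
  puts pagination_link_hardened("/search", 1, payload)
end
```

The two steps are deliberately independent: type coercion plus an allowlist is what actually fixes a numeric parameter, and output escaping is the defence in depth that catches the next parameter nobody thought to validate. When testing an instance, the check is whether a marker placed in `per_page` comes back in the response byte-for-byte rather than as `&lt;`, `&quot;` and friends.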
cve-2023-32693
Vulnerability from cvelistv5
Published
2023-07-11 17:19
Modified
2024-11-04 19:54
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
References
URL | Tags |
---|---|
https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r | x_refsource_CONFIRM |
https://github.com/decidim/decidim/releases/tag/v0.26.7 | x_refsource_MISC |
https://github.com/decidim/decidim/releases/tag/v0.27.3 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.7", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.7", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.26.7", status: "affected", version: "0.25.0", versionType: "custom", }, { lessThan: "0.27.3", status: "affected", version: "0.27.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-32693", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T19:43:24.248114Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T19:54:10.232Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.25.0, < 0.26.7", }, { status: "affected", version: ">= 0.27.0, < 0.27.3", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. 
The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T19:18:32.414Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.26.7", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.26.7", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.3", }, ], source: { advisory: "GHSA-469h-mqg8-535r", discovery: "UNKNOWN", }, title: "Decidim Cross-site Scripting vulnerability in the external link redirections", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-32693", datePublished: "2023-07-11T17:19:26.138Z", dateReserved: "2023-05-11T16:33:45.733Z", 
dateUpdated: "2024-11-04T19:54:10.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }