Description

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.

Related CPE's

Could not find any relations

References

https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6

Weaknesses

[email protected]

Primary
CWE-863

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Undergoing analysis

Published

2025-12-19T16:15:56.973

3 hours ago

Last modified

2025-12-19T18:00:18.330

1 hour ago