Description

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.

Related CPE's

Could not find any relations

References

https://github.com/galette/galette/security/advisories/GHSA-r7x8-6r56-498r

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Undergoing analysis

Published

2025-12-19T17:15:52.440

3 hours ago

Last modified

2025-12-19T18:00:18.330

3 hours ago