CVE-2024-24761

EPSS 0.21%
Veröffentlicht 06.03.2024 18:15:46
Zuletzt bearbeitet 17.12.2024 20:06:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Galette ≫ Galette Version1.0.0

Galette ≫ Galette Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb

Patch

https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24761

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24761

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24761

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-24761