← back
CVE-2024-24761

Galette public pages accessibility restriction

CVSS 7.5 HIGHEPSS 0.6%CWE-863
Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
galette · galette

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbbhttps://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv