Galette Access Control Bypass Vulnerability in Contributions and Transactions

Vulnerability

An access control bypass vulnerability has been identified in Galette, a membership management web application for non-profit organizations. The flaw is reachable by users logged in as group managers, who can bypass the restrictions intended to limit their access to Contributions and Transactions. The issue is present in Galette versions 1.1.4 through 1.2.0.

Impact

Exploitation of this vulnerability allows a group manager to bypass the restrictions on Contributions and Transactions, potentially leading to unauthorized access to, or modification of, contribution and transaction records.

Remediation

Users can upgrade to Galette version 1.2.0 to address this vulnerability.

Added: Dec 19, 2025, 4:20 PM
Updated: Dec 19, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.