CVE-2023-47634

Summary

CVE-2023-47634 is a vulnerability that affects the Decidim participatory democracy framework. Versions 0.10.0 and earlier have a race condition in the endorsement of resources, allowing users to make multiple endorsements by sending multiple requests in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue, but as a workaround, organizations can disable the Endorsement feature. The vulnerability has a low base severity and score of 3.1, with low integrity and no confidentiality impact. The exploitability score is 1.6, indicating relatively low ease of exploitation through network attack vectors, while privileges required and user interaction are also low. The potential danger posed to an organization is relatively low, but it is still recommended to apply the available patches or implement the suggested workaround to mitigate any risks associated with this vulnerability. Note: The summary provided is hypothetical and does not reflect any actual vulnerability or source information as it was not included in the given text snippet.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.