Gagnieray

**Name of the Vulnerable Software and Affected Versions** Galette versions 1.1.4 through 1.1.9 **Description** Galette is a membership management web application designed for non-profit organizations. A logged-in group manager can bypass intended restrictions related to Contributions and Transactions. **Recommendations** Update to version 1.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** Galette versions 0.9.6 through 1.1.9 **Description** Galette is a membership management web application designed for non-profit organizations. Individuals with the 'group manager' role can circumvent intended restrictions, enabling unauthorized access and modifications despite the presence of role-based access controls. Exploitation is limited to those with initial privileged access, such as malicious insiders or compromised group manager accounts. **Recommendations** Update to version 1.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** Galette versions 1.0.0 through 1.0.1 **Description** Galette is a membership management web application for non-profit organizations. By default, public pages are restricted to only administrators and staff members in versions prior to 1.0.2. Configuration options allow for restriction to up-to-date members or to everyone. **Recommendations** For versions 1.0.0 through 1.0.1, update to version 1.0.2 to resolve the issue.