PT-2023-21220 · Galaxy · Galaxy

Familiardisaster · Published 2023-03-20 · Updated 2023-03-23 · CVE-2023-27578

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Galaxy versions prior to 22.01
Galaxy versions prior to 22.05
Galaxy versions prior to 23.0
Description
Galaxy is an open-source platform for data analysis. The issue is caused by an insufficient permission check: an attacker who knows the encoded ID of a Galaxy Visualization or Galaxy Page can modify or delete it, and can additionally copy or import any Galaxy Visualization whose encoded ID they know. Unsupported versions are likely affected as far back as the Visualizations/Pages functionality exists.
Recommendations
For versions prior to 22.01, 22.05 and 23.0, apply the available patch for that version line and restart all Galaxy server processes for the changes to take effect.
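The missing check described above, as an added illustration that is not Galaxy's own code: a delete handler that decodes the client-supplied ID and acts on the object with no ownership test, beside the same handler with the kind of authorization check the advisory says was absent. The in-memory store, the ID encoding and the object shape are constructed assumptions, not Galaxy internals.

```python
from dataclasses import dataclass


@dataclass
class Visualization:
    id: int
    owner: str
    title: str
    deleted: bool = False


def make_store() -> dict:
    # Constructed in-memory store keyed by numeric ID; stands in for the database.
    return {
        1: Visualization(1, "alice", "RNA-seq coverage"),
        2: Visualization(2, "bob", "Variant calls"),
    }


def decode_id(encoded_id: str) -> int:
    # Stand-in for the server-side decoding step; Galaxy's real encoding is not
    # reproduced here, any client-visible reversible ID serves the point.
    return int(encoded_id, 16)


def delete_visualization_vulnerable(store: dict, user: str, encoded_id: str) -> Visualization:
    # The pattern the advisory describes: after decoding the ID the handler
    # checks only that the object exists, never that `user` owns it, so any
    # user who knows the encoded ID can act on someone else's Visualization.
    viz = store[decode_id(encoded_id)]
    viz.deleted = True
    return viz


def delete_visualization_fixed(store: dict, user: str, encoded_id: str,
                               is_admin: bool = False) -> Visualization:
    # Same operation with the authorization check in place: the object is
    # loaded, then ownership (or admin status) is verified before any mutation.
    viz = store[decode_id(encoded_id)]
    if viz.owner != user and not is_admin:
        raise PermissionError(f"user {user!r} may not delete Visualization {encoded_id}")
    viz.deleted = True
    return viz
```

The same check belongs in front of the modify, copy and import operations the advisory lists; existence of the decoded ID is never a substitute for it.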

Weakness Enumeration
Incorrect Authorization
Improper Access Control

Related Identifiers
CVE-2023-27578
GHSA-J8Q2-R4G5-F22J

Affected Products
Galaxy