PT-2024-13465 · Decidim · Decidim

Andreslucena · Published 2024-02-20 · Updated 2024-12-16 · CVE-2023-47635
CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Decidim versions 0.23.0 through 0.27.4; Decidim versions 0.28.0 before the fix.

Description: Decidim is a participatory democracy framework. The CSRF authenticity token check is disabled for the questionnaire templates preview, which may allow attackers to gain access to information that was not meant to be public. This issue does not imply a serious security threat, as access to the session cookie is also required to see this resource. The URL does not allow modifying the resource.

Recommendations: For Decidim versions 0.23.0 through 0.27.4, update to version 0.27.5 or later. For Decidim versions 0.28.0 before the fix, update to the fixed version 0.28.0 or later. As a temporary workaround, consider disabling the templates functionality or removing all available templates to minimize the risk of exploitation.
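The weak setting beside the corrected one, as an added example that is not Decidim's own code: a constructed Ruby model of a Rails-style authenticity-token check on a template preview action, showing why the check still matters even though the session cookie is required. The Session, Request and TemplatePreviewController names, and the skip_verification flag standing in for `skip_before_action :verify_authenticity_token`, are assumptions made for this illustration.

```ruby
require "securerandom"
# Constructed model of a Rails-style CSRF check; not Decidim's own code.
# Each session holds a secret that the site's own forms echo back.
class Session
  attr_reader :csrf_token
  def initialize; @csrf_token = SecureRandom.hex(16); end
end

# The browser attaches the session cookie automatically; a cross-site page
# cannot read the victim's token, so it cannot place a valid one in params.
Request = Struct.new(:session, :params, keyword_init: true)

class TemplatePreviewController
  # skip_verification models `skip_before_action :verify_authenticity_token`
  # on the preview action, the weak configuration the advisory describes.
  def initialize(skip_verification:)
    @skip_verification = skip_verification
  end

  # :ok when the preview would be rendered, :forbidden otherwise.
  def preview(request)
    return :forbidden unless request.session # no cookie, nothing to reveal
    return :forbidden unless @skip_verification || valid_token?(request)
    :ok
  end

  private

  # Constant-time comparison so the token is not leaked through timing.
  def valid_token?(request)
    supplied = request.params[:authenticity_token].to_s
    expected = request.session.csrf_token
    supplied.bytesize == expected.bytesize &&
      supplied.bytes.zip(expected.bytes).sum { |a, b| a ^ b }.zero?
  end
end

# Cross-site request: the victim's cookie rides along, no token supplied.
def cross_site_preview(controller)
  controller.preview(Request.new(session: Session.new, params: {}))
end

# Same-site request from the real form: cookie plus matching token.
def same_site_preview(controller)
  victim = Session.new
  controller.preview(Request.new(session: victim, params: { authenticity_token: victim.csrf_token }))
end

VULNERABLE = TemplatePreviewController.new(skip_verification: true)
FIXED = TemplatePreviewController.new(skip_verification: false)
```

With the check skipped, a request that carries only the cookie is served; with the check in place, the same request is refused while the site's own form still works.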

Exploit · Fix · SSRF · CSRF

Weakness Enumeration

Related Identifiers: CVE-2023-47635, GHSA-F3QM-VFC3-JG6V

Affected Products: Decidim