3 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the privateexports process. An attacker can access another user's private data exports by exploiting UUID collisions that occur when the UUID is converted to an integer, causing files...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the privateexports process. An attacker can access another user's private data exports by exploiting UUID collisions that occur when the UUID is converted to an integer, causing files...
PT-2026-6353
Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...