In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade decidim-participatory_processes to version 0.30.9, 0.31.5, 0.32.0.rc2 or higher.
Affected versions of this package are vulnerable to Information Exposure via the variant_url process. An attacker can access sensitive identity-document images by obtaining and replaying signed Active Storage URLs embedded in admin review pages, without requiring authentication. This is only exploitable if the "Identity documents" verification feature is enabled.