CNNVD-202512-3129 Information

CNNVD ID

CNNVD-202512-3129

CVE-2025-67715

  • CNNVD Published: 2025-12-16

Description

Weblate is a copyleft, web-based, free-software continuous localization system developed as open source by Weblate. Versions of Weblate before 5.15 contain an authorization vulnerability: the API could retrieve user notification settings or list all users, which could lead to information disclosure.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

Weblate

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/WeblateOrg/weblate/pull/17256
  • https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3pmh-24wp-xpf4
  • https://access.redhat.com/security/cve/cve-2025-67715

Patch

https://github.com/WeblateOrg/weblate/releases
