CVE-2023-36465 (decidim): Decidim has broken access control in templates

Ruby Security Advisory

### Impact

The `templates` module doesn’t enforce the correct permissions,
allowing any logged-in user to access to this functionality in
the administration panel. An attacker could use this vulnerability
to change, create or delete templates of surveys.

READ MORE