Openslides
CVE-2024-22893
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
AnalysisAI
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack. Affected products include: Openslides.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Openslides
View allAn XSS issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely
An issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and electi
OpenSlides versions prior to 4.2.29 allow unauthorized authentication bypass for SAML-synchronized users through the loc
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. Rated high severity (CVSS 7.5)
A directory traversal issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.0), this vulnerability
An issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.5), this vulnerability is remotely exploi
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today