OpenSlides
OpenSlides versions prior to 4.2.29 allow an authentication bypass for SAML-synchronized users through the local login form, using the victim's username with a hardcoded trivial password. An attacker can gain complete access to any SAML user account without knowing the user's actual credentials, potentially compromising sensitive assembly management data including agendas, motions, and election information. A patch is available in version 4.2.29 and should be applied immediately to all affected instances.
An issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
An issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
A directory traversal issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. Public exploit code is available and no vendor patch is available.
An XSS issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.